PYSEC-2023-143

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/wger/PYSEC-2023-143.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2023-143

Aliases

CVE-2023-38758
GHSA-8m9p-3926-gffr

Published

2023-08-08T16:15:00Z

Modified

2023-11-08T04:13:09.973177Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.

References

Affected packages

PyPI / wger

Package

Name: wger; View open source insights on deps.dev
Purl: pkg:pypi/wger

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1

1.1.1

1.2rc1

1.2

1.3

1.4

1.5

1.6

1.6.1

1.7

1.8

1.9

2.*

2.0

2.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/wger/PYSEC-2023-143.yaml"