PYSEC-2023-295

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/repox/PYSEC-2023-295.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-295
Withdrawn
2024-11-22T04:37:05Z
Published
2023-12-13T10:15:00Z
Modified
2024-11-21T14:23:00.792103Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A stored XSS vulnerability has been identified in Repox. Due to the lack of proper sanitisation of field elements, a local attacker can store a specially crafted JavaScript payload on the server, and the malicious payload is triggered when the application loads.

References

Affected packages

PyPI / repox

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*
0.0.1
0.0.2
0.0.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/repox/PYSEC-2023-295.yaml"