PYSEC-2026-1501

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/koji/PYSEC-2026-1501.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1501
Aliases
Published
2026-07-07T14:34:47.795518Z
Modified
2026-07-07T17:47:15.900762953Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
Koji Cross-site Scripting
Details

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code.

References

Affected packages

PyPI / koji

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.33.2
Introduced
1.34.0
Fixed
1.34.3
Introduced
1.35.0
Fixed
1.35.1

Affected versions

1.*
1.15.0
1.16.0
1.16.1
1.17.0
1.18.0
1.19.0
1.19.1
1.20.0
1.20.1
1.21.0
1.21.1
1.22.0
1.22.1
1.23.0
1.23.1
1.24.0
1.24.1
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.27.1
1.28.0
1.28.1
1.29.0
1.29.1
1.30.0
1.30.1
1.31.0
1.31.1
1.32.0
1.32.1
1.33.0
1.33.1
1.34.0
1.34.1
1.34.2
1.35.0

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/koji/PYSEC-2026-1501.yaml"