Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-08-18T17:31:34

Updated: 2024-08-04T02:06:41.495Z

Reserved: 2021-08-18T00:00:00

Link: CVE-2021-39286

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-08-18T18:15:08.177

Modified: 2024-11-21T06:19:07.390

Link: CVE-2021-39286

cve-icon Redhat

No data.