CVE-2020-18702 – quokka

Package

Manager: pip
Name: quokka
Vulnerable Version: >=0 <=0.4.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00405 pctl0.60242

Details

Cross Site Scripting (XSS) in Quokka Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'.

Metadata

Created: 2021-08-30T16:23:26Z
Modified: 2024-10-24T21:55:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-5m69-3chg-6f8m/GHSA-5m69-3chg-6f8m.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-5m69-3chg-6f8m
Finding: F425
Auto approve: 1