CVE-2020-19000 – simiki

Package

Manager: pip
Name: simiki
Vulnerable Version: >=0 <1.6.2.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00427 pctl0.61468

Details

Cross Site Scripting (XSS) in Simiki Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'.

Metadata

Created: 2021-09-01T18:37:01Z
Modified: 2024-10-22T17:09:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-fqr5-qphf-vfr8/GHSA-fqr5-qphf-vfr8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-fqr5-qphf-vfr8
Finding: F425
Auto approve: 1