Fluid Attacks Database

Description

FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	fastapi-admin	>=0 <=0.1.4	0.1.5

Aliases

1. CVE-2024-428182. NVD-2024-428183. OSV-2024-428184. GCVE-2024-42818

References

1. https://github.com/fastapi-admin/fastapi-admin/issues/1722. https://fastapi-admin-pro.long2ice.io/admin/login

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.