qbittorrent is vulnerable to cross-site scripting (XSS). The WebUI does not escape data values before rendering on a user’s browser, allowing an attacker to inject and execute arbitrary Javascript.
CPE | Name | Operator | Version |
---|---|---|---|
qbittorrent:stretch | eq | 3.3.7-3+deb9u1 | |
qbittorrent:stretch | eq | 3.3.7-3+deb9u1 |