Lucene search
Veracode Vulnerability DatabaseVERACODE:33047HistoryNov 22, 2021 - 8:06 a.m.
Cross-Site Scripting (XSS)
2021-11-2208:06:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
cross-site scripting
remote attacker
javascript
process_attachments function
vulnerable
django_helpdesk
EPSS
0.001
Percentile
21.4%
django_helpdesk is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject and execute arbitrary Javascript in a user’s browser through a specifically crafted attachment via the process_attachments function.
References
github.com/django-helpdesk/django-helpdesk/commit/04483bdac3b5196737516398b5ce0383875a5c60
github.com/django-helpdesk/django-helpdesk/commit/44abb197120a843cce5b5fe8276e4a44b8bb2f48
github.com/django-helpdesk/django-helpdesk/issues/983
github.com/django-helpdesk/django-helpdesk/pull/984
huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e
huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e/
Related
cvelist
cvelist
osv
osv
PYSEC-2021-431
2021-11-19 12:15:00
Cross-site Scripting in django-helpdesk
2021-11-23 17:55:46
CVE-2021-3950
2021-11-19 12:15:08
huntr
huntr
Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk
2021-11-11 14:18:52
prion
prion
Cross site scripting
2021-11-19 12:15:00
nvd
nvd
CVE-2021-3950
2021-11-19 12:15:08
github
github
Cross-site Scripting in django-helpdesk
2021-11-23 17:55:46
cve
cve
CVE-2021-3950
2021-11-19 12:15:08