EPSS
Percentile
31.0%
collective.task is vulnerable to cross-site scripting. The vulnerability exists in the renderCell function of table.py due to missing escape columns which allows an attacker to inject and execute malicious JavaScript.
renderCell
table.py
github.com/advisories/GHSA-4r9h-x77w-mffv
github.com/collective/collective.task/commit/1aac7f83fa2c2b41d59ba02748912953461f3fac
github.com/collective/collective.task/releases/tag/3.0.10
github.com/collective/collective.task/releases/tag/3.0.9
vuldb.com/?id.215907