WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "48618559910933315555550741766578909898", "94898622498664913251430441506174751952", "44797966479474966525961246575245035638", "185880968211157888779939959372448423929", "189258922099877177576852192982082302879", "338895098852573818719662445618442206720" ] }, "id": "CVE-2017-6503-35faa0dd", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/gui/properties/propertieswidget.cpp" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "233509018470064228684480277402438007569", "151908066262400473475164498328073111074", "329480381762994020184551686961880477196", "20852449753772302925817548026169583900", "164246782185912083661161636700000005324", "271242193035481665560631187940250235744", "116482884772017208197721294700350050815", "177343659139233130544608066437550441382", "6601692464133387446339649614947449168", "275479931589891395744160830164021905320" ] }, "id": "CVE-2017-6503-3899d4a5", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/base/logger.cpp" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "291188985003732846589226656869466976303", "262175729038848040008897503785860692314", "27505096191420964322354555897610999152", "326504563255106739596459208376493163543", "7268769816573936996848287650462271144", "53719890752976671106449660320672056445", "173633353691720488412276884106506626167", "75648770658042306568940301710549399611", "147463194285757156949629400039930711014" ] }, "id": "CVE-2017-6503-46295d3a", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/gui/deletionconfirmationdlg.h" }, "deprecated": false }, { "digest": { "function_hash": "92775857306700432190514671989575937620", "length": 320.0 }, "id": "CVE-2017-6503-8ab3d750", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/base/logger.cpp", "function": "Logger::addMessage" }, "deprecated": false }, { "digest": { "function_hash": "114865918741609473804531006061921442790", "length": 331.0 }, "id": "CVE-2017-6503-ae85b39a", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Function", "signature_version": "v1", "target": { "file": "src/base/logger.cpp", "function": "Logger::addPeer" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "12876673985119035764107724111325859294", "30213864603390198813579797111603333697", "115431095429169769413068563272854879796" ] }, "id": "CVE-2017-6503-bf47a9bd", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/base/utils/string.h" }, "deprecated": false }, { "digest": { "threshold": 0.9, "line_hashes": [ "150382242333414115021801530059710814284", "11803751291287832047309035772968133212", "288313758785127689150132838477547543440", "76632614504937806188288078716716235187", "317603350759272619625809304940772004733", "11803751291287832047309035772968133212", "288313758785127689150132838477547543440", "76632614504937806188288078716716235187" ] }, "id": "CVE-2017-6503-d8c75026", "source": "https://github.com/qbittorrent/qbittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16", "signature_type": "Line", "signature_version": "v1", "target": { "file": "src/gui/properties/peerlistwidget.cpp" }, "deprecated": false } ] }