PYSEC-2020-226

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/cabot/PYSEC-2020-226.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2020-226

Aliases

CVE-2020-25449
GHSA-8q2h-4mq6-396j

Published

2020-12-04T20:15:00Z

Modified

2023-11-01T04:52:38.322785Z

Summary

[none]

Details

Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column.

References

https://itsmeanonartist.tech/blogs/blog2.html
https://www.exploit-db.com/exploits/48791
https://www.exploitalert.com/view-details.html?id=36106
https://packetstormsecurity.com/files/159070/Cabot-0.11.12-Cross-Site-Scripting.html

Affected packages

PyPI / cabot

Package

Name: cabot; View open source insights on deps.dev
Purl: pkg:pypi/cabot

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.0

0.8.4

0.8.5

0.8.6

0.8.7

0.9.0

0.9.1

0.9.2

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.10.5

0.10.6

0.10.7

0.10.8

0.11.1

0.11.2

0.11.3

0.11.4

0.11.5

0.11.6

0.11.7

0.11.8

0.11.9

0.11.10

0.11.12

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cabot/PYSEC-2020-226.yaml"