Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pallets Flask Pallets Werkzeug 跨站脚本漏洞
Vulnerability Description
Pallets Flask是Pallets项目中的一个基于Python的Web应用开发工具。Pallets Werkzeug是其中的一个WSGI工具包。 Pallets Flask和其他产品中使用的Pallets Werkzeug 0.11.11之前的版本的debugger的debug/tbtools.py文件的‘render_full’函数存在跨站脚本漏洞。远程攻击者可借助带有异常消息的字段利用该漏洞注入任意的Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A