CVE-2016-10516
Summary
| CVE | CVE-2016-10516 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2017-10-23 16:29:00 UTC |
|---|
| Updated | 2018-02-04 02:29:00 UTC |
|---|
| Description | Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 1191-1] python-werkzeug security update |
MLIST |
lists.debian.org |
|
| Flask Debugger页面上的通用XSS漏洞分析和挖掘过程记录 - Nearg1e |
MISC |
blog.neargle.com |
Issue Tracking |
| Fix XSS in debugger by neargle · Pull Request #1001 · pallets/werkzeug · GitHub |
MISC |
github.com |
Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 670971 EulerOS Security Update for python-werkzeug (EulerOS-SA-2021-2612)
- 671026 EulerOS Security Update for python-werkzeug (EulerOS-SA-2021-2671)
