It was discovered that Jinja2 incorrectly handled certain HTML attributes
that were accepted by the xmlattr filter. An attacker could use this issue
to inject arbitrary HTML attribute keys and values to potentially execute
a cross-site scripting (XSS) attack.
More Stories
rust-below-0.9.0-1.el8
FEDORA-EPEL-2025-ae12e02519 Packages in this update: rust-below-0.9.0-1.el8 Update description: A privilege escalation vulnerability existed in the Below service prior to v0.9.0...
DSA-5894-1 jetty9 – security update
Jetty 9 is a Java based web server and servlet engine. Several security vulnerabilities have been discovered which may allow...
DSA-5893-1 tomcat10 – security update
A security vulnerability was found in Tomcat 10, a Java based web server and servlet engine. A malicious user was...
DSA-5896-1 trafficserver – security update
Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of...
DSA-5895-1 xz-utils – security update
Harri K. Koskinen discovered a flaw in the multithreaded .xz decoder lzma_stream_decoder_mt in xz-utils, the XZ-format compression utilities, which may...