PySpector · CVE-2026-33140
**Name of the Vulnerable Software and Affected Versions**
PySpector versions prior to 0.1.7
**Description**
PySpector, a static analysis security testing (SAST) framework, is affected by a stored Cross-Site Scripting (XSS) issue in its HTML report generator. When it scans a Python file containing a JavaScript payload (for example, inside a string passed to `eval()`), the flagged code snippet is copied into the HTML report without sanitization. Opening the generated report in a browser causes the embedded JavaScript to execute in the browser's local file context. An attacker can therefore craft a malicious Python file that, once scanned by PySpector and the resulting report opened by a victim, achieves arbitrary DOM manipulation, redirects to attacker-controlled pages, and potential theft of locally accessible data. In this scenario the `eval()` call in the scanned file is what the scanner flags, so its string argument, carrying the JavaScript payload, is reproduced verbatim in the report.
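The pattern described above, as an added illustration that is not PySpector's own code: a minimal SAST report renderer that interpolates a flagged snippet into HTML unescaped, beside the corrected version that escapes every untrusted field, plus the regression check a report generator's test suite can run. The function names, the template and the sample snippet are all constructed for this example.

```python
"""Added example (not PySpector's code): unsafe vs. safe rendering of a
flagged snippet into an HTML report, and a regression check for it.

render_finding_unsafe, render_finding_safe, contains_live_script and
SAMPLE_SNIPPET are hypothetical names for this illustration only.
"""
import html
import re

# Constructed sample: a flagged Python line whose eval() argument carries
# markup. In the vulnerable design this text reaches the report verbatim.
SAMPLE_SNIPPET = 'eval("<script>document.title=\'report\'</script>")'

TEMPLATE = (
    "<tr><td>{file}</td><td>{line}</td>"
    "<td><code>{snippet}</code></td></tr>"
)


def render_finding_unsafe(file: str, line: int, snippet: str) -> str:
    """Vulnerable pattern: scanned source is interpolated as raw HTML."""
    return TEMPLATE.format(file=file, line=line, snippet=snippet)


def render_finding_safe(file: str, line: int, snippet: str) -> str:
    """Fixed pattern: every field taken from the scanned project is
    HTML-escaped (quotes included), so markup is displayed, not parsed."""
    return TEMPLATE.format(
        file=html.escape(file, quote=True),
        line=int(line),  # coerce to a number; never trust it as text
        snippet=html.escape(snippet, quote=True),
    )


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_live_script(fragment: str) -> bool:
    """Does the rendered fragment still hold an unescaped <script> tag?
    Escaped output contains '&lt;script', which this does not match."""
    return SCRIPT_TAG.search(fragment) is not None


if __name__ == "__main__":
    unsafe = render_finding_unsafe("app.py", 12, SAMPLE_SNIPPET)
    safe = render_finding_safe("app.py", 12, SAMPLE_SNIPPET)
    print("unsafe has live <script>:", contains_live_script(unsafe))  # True
    print("safe has live <script>:  ", contains_live_script(safe))    # False
    print(safe)
```

The same check applies to any other field lifted from the scanned project (file paths, rule messages that quote source), since each is attacker-influenced input to the report.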
**Recommendations**
Versions prior to 0.1.7 should be updated to version 0.1.7 or later.