CVE-2017-10516

Name of the Vulnerable Software and Affected Versions Pallets Werkzeug versions prior to 0.11.11

Description A cross-site scripting (XSS) issue exists in the render full function in debug/tbtools.py, allowing remote attackers to inject arbitrary web script or HTML via a field containing an exception message.

Recommendations For versions prior to 0.11.11, update to version 0.11.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the debugger or disabling the render full function in debug/tbtools.py to minimize the risk of exploitation.