Pywb · Pywb · CVE-2021-39286
**Name of the Vulnerable Software and Affected Versions**
pywb versions prior to 2.6.0
**Description**
The issue arises because pywb does not ensure that Jinja2 templates are autoescaped, leading to a potential XSS attack. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.
**Recommendations**
For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of Jinja2 templates until a patch is available. Restrict access to potentially vulnerable endpoints to minimize the risk of exploitation.