PT-2024-28049 · Hush Line · Hush Line

Lsd-Cat · Published 2024-06-28 · Updated 2024-09-17 · CVE-2024-38521

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Hush Line versions prior to 0.1.0
Description: Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox: submitted input is rendered through the Jinja2 safe filter and is therefore not escaped on display.
Recommendations: For versions prior to 0.1.0, update to version 0.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the Inbox feature until the update is applied.
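As an added illustration (not code from the Hush Line project or from this advisory), the following Python models the defect the description names and gives a check a reviewer can run over Jinja2 template sources: it flags every output expression whose filter chain ends in safe or that sits in an autoescape-off block, and contrasts what a constructed tip submission looks like when inserted verbatim versus HTML-escaped. The template text and the sample tip are constructed here, and render_tip is a simplified stand-in for Jinja2's autoescape behaviour, not Jinja2 itself.

```python
import html
import re

# Constructed Jinja2 template fragment modelled on an inbox view that marks
# tip content as |safe. It is not Hush Line's real template.
VULNERABLE_TEMPLATE = """
<ul>
{% for m in messages %}
  <li class="tip">{{ m.content | safe }}</li>
{% endfor %}
</ul>
"""

# The corrected form: drop |safe and let autoescape handle the value.
FIXED_TEMPLATE = VULNERABLE_TEMPLATE.replace("{{ m.content | safe }}", "{{ m.content }}")

# A {{ ... }} output whose filter chain ends in |safe, e.g. {{ x|safe }}
# or {{ x | truncate(80) | safe }}.
SAFE_OUTPUT_RE = re.compile(r"\{\{\s*([^}]+?)\s*\|\s*safe\s*\}\}")
# A block that switches autoescaping off for everything inside it.
AUTOESCAPE_OFF_RE = re.compile(r"\{%-?\s*autoescape\s+false\s*-?%\}")

def audit_template(source):
    """Return (line_no, expression) for every place a template disables
    escaping. Each finding needs a justification that the value cannot be
    attacker-controlled; a tip submission never qualifies."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in SAFE_OUTPUT_RE.finditer(line):
            findings.append((line_no, m.group(1)))
        if AUTOESCAPE_OFF_RE.search(line):
            findings.append((line_no, "autoescape false"))
    return findings

def render_tip(content, marked_safe):
    """Simplified model of Jinja2 autoescape (not Jinja2 itself): a value
    passed through |safe is inserted verbatim, anything else is HTML-escaped."""
    return content if marked_safe else html.escape(content, quote=True)

# Constructed tip submission carrying markup, as a tester would send it.
SAMPLE_TIP = "<script>alert(1)</script>"

if __name__ == "__main__":
    print("vulnerable template:", audit_template(VULNERABLE_TEMPLATE))
    print("fixed template:     ", audit_template(FIXED_TEMPLATE))
    print("with |safe:  ", render_tip(SAMPLE_TIP, marked_safe=True))
    print("autoescaped: ", render_tip(SAMPLE_TIP, marked_safe=False))
```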

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-38521
GHSA-4V8C-R6H2-FHH3

Affected Products

Hush Line