PT-2024-30175 · Unknown · Fastapi-Admin

Aprilliar13 · Published 2024-08-26 · Updated 2024-08-30 · CVE-2024-42816

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

fastapi-admin pro version 0.1.4

Description

A cross-site scripting (XSS) vulnerability in the Create Product function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.

Recommendations

For version 0.1.4, consider disabling the Create Product function until a patch is available. As a temporary workaround, restrict the use of the Product Name parameter in the Create Product function to minimize the risk of exploitation. Upgrade to version 0.1.5 to remediate the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-42816
GHSA-22XM-W7R2-834Q

Affected Products

Fastapi-Admin