PT-2025-41449 · Pyload · Pyload
Odaysec
·
Published
2025-10-09
·
Updated
2025-10-10
·
CVE-2025-61773
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
pyLoad versions prior to 0.5.0b3.dev91
Description
pyLoad is a free and open-source download manager written in Python. Versions prior to 0.5.0b3.dev91 perform insufficient input validation in the web interface, specifically in the Captcha script endpoint and the Click'N'Load (CNL) Blueprint: user-supplied parameters from HTTP requests were passed into application logic and into response generation without adequate validation or sanitisation. An attacker who gets a user to open a crafted request (the vector requires user interaction) can therefore inject untrusted content into the response, which can lead to client-side code execution (XSS) in the victim's browser session or to manipulation of how the request is handled.
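The following Python example is added here to illustrate the weakness class this advisory names (a request parameter reflected into HTML without validation or escaping) next to the two fixes a reviewer would expect: allowlist validation on input and entity escaping on output. It is not pyLoad's code; the endpoint shape, the parameter name `id` and the query strings are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs

# Constructed query strings for a hypothetical captcha-result endpoint. The
# parameter name "id" and the payload are assumptions, not taken from pyLoad.
ATTACK_QS = "id=abc%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&task=1"
BENIGN_QS = "id=task-42&task=1"


def params_from_qs(qs: str) -> dict:
    """Flatten a query string into {name: first value}, as a web framework would."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def render_unsafe(params: dict) -> str:
    """The weak pattern: the request parameter is reflected into an HTML
    attribute with no validation and no escaping (CWE-79 / CWE-116)."""
    return '<input id="captcha-result" value="%s">' % params.get("id", "")


# Allowlist for the identifiers this hypothetical endpoint expects.
ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_id(raw: str) -> str:
    """Reject anything outside the allowlist before it reaches application logic."""
    if ID_RE.fullmatch(raw) is None:
        raise ValueError("invalid id parameter")
    return raw


def render_safe(params: dict) -> str:
    """The hardened pattern: validate on input, then escape on output. Either
    layer alone stops the payload above; using both is defence in depth."""
    ident = validate_id(params.get("id", ""))
    return '<input id="captcha-result" value="%s">' % html.escape(ident, quote=True)


def render_escaped_only(params: dict) -> str:
    """Output encoding alone, for parameters that cannot be allowlisted: the
    quote and angle brackets become entities, so the attribute cannot be
    closed early and no tag is created."""
    return '<input id="captcha-result" value="%s">' % html.escape(
        params.get("id", ""), quote=True
    )


def breaks_out(markup: str) -> bool:
    """Crude check a unit test or scanner might apply to a rendered response:
    a raw <script tag means the value escaped its attribute context."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    attack = params_from_qs(ATTACK_QS)
    print(render_unsafe(attack))        # script tag reflected intact
    print(render_escaped_only(attack))  # neutralised by escaping
    try:
        render_safe(attack)
    except ValueError as exc:
        print("rejected:", exc)
    print(render_safe(params_from_qs(BENIGN_QS)))
```

When auditing an endpoint for this class of bug, the useful question is the one `breaks_out` asks of the rendered response: can a value taken from the request leave the context (attribute, text node, script, URL) it was placed in? Escaping must match that context; `html.escape(..., quote=True)` is correct for an HTML attribute but not, for example, for a value written into inline JavaScript.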
Recommendations
Update pyLoad to version 0.5.0b3.dev91 or later.
Code Injection
Special Elements Injection
XSS
Improper Encoding or Escaping of Output
Related Identifiers
Affected Products
Pyload