VDB

GCVE-VVD-MAGEIA-2024-199

GCVE-VVD-MAGEIA-2024-199
Advisory Published
Vulnetix · Advisory published September 27, 2024
It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting (XSS) attack.
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiapython-jinja20 (affected), 3.1.4-1.mga9 (unaffected), 0 (affected), 3.1.4-1.mga9 (unaffected)
Mageiasxiv0 (affected), 26-1.mga9 (unaffected)

References

Updated python-jinja2 packages fix security vulnerabilities
advisory
Updated python-jinja2 packages fix security vulnerabilities
issue
Updated python-jinja2 packages fix security vulnerabilities
advisory
Updated sxiv packages fix bugs
advisory
Updated sxiv packages fix bugs
issue
Updated sxiv packages fix bugs
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›