CVE-2026-33230 in NLTKالمعلومات

الملخص

بحسب MITRE • 21/03/2026

NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. In versions 3.9.3 and prior, `nltk.app.wordnet_app` contains a reflected cross-site scripting issue in the `lookup_...` route. A crafted `lookup_<payload>` URL can inject arbitrary HTML/JavaScript into the response page because attacker-controlled `word` data is reflected into HTML without escaping. This impacts users running the local WordNet Browser server and can lead to script execution in the browser origin of that application. Commit 1c3f799607eeb088cab2491dcf806ae83c29ad8f fixes the issue.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

18/03/2026

إفشاء

21/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-352256

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

6.1 (CNA)

EPSS

0.00019

KEV

لا

النشاطات

منخفض

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33230
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33230
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33230/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!