CVE-2016-10516 in Werkzeuginfo

Summary

Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

10/23/2017

Disclosure

10/23/2017

Moderation

VulDB entry created

Entries

VDB-108560 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

5.2

EPSS

0.00411

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-10516
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-10516
CVE Details	https://www.cvedetails.com/cve/CVE-2016-10516/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!