CVE-2021-39286

CVE-2021-39286

EPSS 0.7%

Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/webrecorder/pywb/commit/f7bd84cdacdd665ff73ae8d09a202f60be2ebae9 https://github.com/webrecorder/pywb/compare/v-2.5.0...v-2.6.0