Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug prior to 0.11.11 (as used in Pallets Flask and other products) allows remote malicious users to inject arbitrary web script or HTML via a field that contains an exception message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
palletsprojects werkzeug |