VULHUB ™

PY-Livredor does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary HTML code into pages that are generated by the guestbook. The attacker's code may be executed in the web client of users who view the pages generated by the guestbook, in the security context of the website hosting the software. Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials.

PY-Livredor does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary HTML code into pages that are generated by the guestbook. The attacker's code may be executed in the web client of users who view the pages generated by the guestbook, in the security context of the website hosting the software. Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials.