Homepage
About Snyk

archivebox@0.7.2 vulnerabilities

Self-hosted internet archiving solution.

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the archivebox package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

archivebox is a The self-hosted internet archive.

Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to the wget extractor. An attacker can potentially act using your logged-in admin credentials and add/remove/modify snapshots and ArchiveBox users, and generally do anything an admin user could do by viewing an archived malicious page designed to target your ArchiveBox instance.

Note: This is only exploitable if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page.

How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

There is no fixed version for archivebox.

[0,)
Go back to all versions of this package