Homepage

archivebox@0.8.6rc3 vulnerabilities

Self-hosted internet archiving solution.

  • latest version

    0.7.2

  • first published

    4 years ago

  • latest version published

    1 years ago

  • licenses detected

  • View archivebox package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the archivebox package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    archivebox is a The self-hosted internet archive.

    Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to the wget extractor. An attacker can potentially act using your logged-in admin credentials and add/remove/modify snapshots and ArchiveBox users, and generally do anything an admin user could do by viewing an archived malicious page designed to target your ArchiveBox instance.

    Note: This is only exploitable if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page.

    How to fix Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')?

    There is no fixed version for archivebox.

    [0,)
    Go back to all versions of this package