Cross-site Scripting (XSS) in python3-yubico | CVE-2016-10735

Q: How to fix?

Upgrade Rocky-Linux:8 python3-yubico to version 0:1.3.2-9.1.module+el8.7.0+1074+aae18f3a or higher. This issue was patched in RLSA-2020:4670 .

Threat Intelligence

0.22% (61^st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-ROCKY8-PYTHON3YUBICO-3211228
published5 Jan 2023
disclosed9 Jan 2019

Report a new vulnerability Found a mistake?

Introduced: 9 Jan 2019

CVE-2016-10735 (opens in a new tab) CWE-79 (opens in a new tab)

How to fix?

Upgrade Rocky-Linux:8 python3-yubico to version 0:1.3.2-9.1.module+el8.7.0+1074+aae18f3a or higher.
This issue was patched in RLSA-2020:4670.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-yubico package and not the python3-yubico package as distributed by Rocky-Linux. See How to fix? for Rocky-Linux:8 relevant fixed versions and status.

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.

Cross-site Scripting (XSS) Affecting python3-yubico package, versions <0:1.3.2-9.1.module+el8.7.0+1074+aae18f3a

Severity