CVE-2020-19000: Cross Site Scripting (XSS) in Simiki

September 1, 2021 (updated October 22, 2024)

Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component ‘simiki/blob/master/simiki/generators.py’.

References

github.com/advisories/GHSA-fqr5-qphf-vfr8
github.com/pypa/advisory-database/tree/main/vulns/simiki/PYSEC-2021-347.yaml
github.com/tankywoo/simiki
github.com/tankywoo/simiki/issues/123
nvd.nist.gov/vuln/detail/CVE-2020-19000

Code Behaviors & Features

Detect and mitigate CVE-2020-19000 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →