Medium severity6.1NVD Advisory· Published May 31, 2017· Updated May 13, 2026

CVE-2017-9306

Description

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.

Affected products

Syspass/Syspass
cpe:2.3:a:syspass:syspass:2.1.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cdxy.menvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000