Boston Sleep slice Layout cross site scripting
Description
A vulnerability, which was classified as problematic, was found in Boston Sleep slice up to 84.1.x. Affected is an unknown function of the component Layout Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 84.2.0 is able to address this issue. The name of the patch is 6523bb17d889e2ab13d767f38afefdb37083f1d0. It is recommended to upgrade the affected component. VDB-216174 is the identifier assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting in Boston Sleep slice <=84.1.x allows remote attackers to inject arbitrary web script, fixed in 84.2.0.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the Layout Handler component of Boston Sleep slice up to version 84.1.x [1][2]. The html_safe method is used on user-controlled data in the page title, allowing injection of arbitrary HTML and JavaScript [1].
Exploitation
An attacker can trigger this vulnerability remotely by crafting a malicious input that is reflected in the page title. No authentication is required; the attack can be delivered via a crafted URL or other means that causes the application to render the malicious payload [1].
Impact
Successful exploitation results in arbitrary web script execution in the context of the victim's browser. This can lead to data theft, session hijacking, or defacement [1].
Mitigation
The issue is patched in version 84.2.0, released April 23, 2022 [2]. Users should upgrade to this version or later. No workarounds are documented [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=84.1.x
- Boston Sleep/slice v5 Range: 84.0
References
- github.com/sleepepi/slice/commit/6523bb17d889e2ab13d767f38afefdb37083f1d0 (mitre, mitigation, patch)
- github.com/sleepepi/slice/releases/tag/v84.2.0 (mitre, mitigation)
- vuldb.com (mitre, technical-description, vdb-entry)