VYPR
Moderate severityNVD Advisory· Published Aug 8, 2023· Updated Oct 10, 2024

CVE-2023-38758

CVE-2023-38758

Description

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
wgerPyPI
<= 2.2.0a3

Affected products

2
  • wger Project/wger Workout Managerdescription
  • ghsa-coords
    Range: <= 2.2.0a3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.