Unrated severityNVD Advisory· Published Jun 28, 2024· Updated Aug 2, 2024

Persistent Cross-Site Scripting (XSS) in hushline inbox

CVE-2024-38521

Description

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the safe Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0.

Affected products

Scidsg/Hushlinev5
Range: < 0.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/scidsg/hushline/security/advisories/GHSA-4v8c-r6h2-fhh3mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000