Pyload
CVE-2023-0488
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
AnalysisAI
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Affected products include: Pyload, Pyload-Ng Project Pyload-Ng. Version information: prior to 0.5.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. Rated critical severity (CVSS 9.8), this vulne
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. Rated critical severity (CVSS 9.8),
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely e
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40. Rated high severity (CVSS 7.5), thi
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. Rated high severity (CVSS 7.4
pyload is an open-source Download Manager written in pure Python. Rated high severity (CVSS 7.2), this vulnerability is
Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. Rated medium severity (CVSS 6
An open redirection vulnerability exists in pyload/pyload version 0.5.0. Rated medium severity (CVSS 6.1), this vulnerab
pyLoad is an open-source Download Manager written in pure Python. Rated medium severity (CVSS 6.1), this vulnerability i
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today