Headline

GHSA-5c8p-qhch-qhx6: Deluge Web-UI vulnerable to XSS through a crafted torrent file

The Deluge Web-UI is vulnerable to cross-site scripting through a crafted torrent file. The the data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user’s browser session.

2 years ago

ghsa

Open in Source

#xss #web #git #java #perl

Deluge Web-UI vulnerable to XSS through a crafted torrent file

Moderate severity GitHub Reviewed Published Aug 27, 2022 • Updated Sep 1, 2022

Gentoo Linux Security Advisory 202210-7 - A vulnerability has been found in Deluge which could result in XSS. Versions less than 2.1.1 are affected.

2 years ago

Packet Storm

Open in Source

#xss #vulnerability #web #mac #linux

CVE-2021-3427: [Deluge] #3460: XSS via malicious .torrent file

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #google #git #java #perl