Headline
GHSA-5c8p-qhch-qhx6: Deluge Web-UI vulnerable to XSS through a crafted torrent file
The Deluge Web-UI is vulnerable to cross-site scripting through a crafted torrent file. The the data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user’s browser session.
Deluge Web-UI vulnerable to XSS through a crafted torrent file
Moderate severity GitHub Reviewed Published Aug 27, 2022 • Updated Sep 1, 2022
Related news
Gentoo Linux Security Advisory 202210-7 - A vulnerability has been found in Deluge which could result in XSS. Versions less than 2.1.1 are affected.
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.