Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| ajenti(PyPI) | 0 | 1.2.21.7 | N/A |
CVSS Metrics
