CVE-2023-27494

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-9c6g-qpgj-rvxw", "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-9c6g-qpgj-rvxw", "tags": [], "refsource": "MISC"}, {"url": "https://github.com/streamlit/streamlit/commit/afcf880c60e5d7538936cc2d9721b9e1bc02b075", "name": "https://github.com/streamlit/streamlit/commit/afcf880c60e5d7538936cc2d9721b9e1bc02b075", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app. The attacker could then trick the user into visiting the malicious URL and, if successful, the server would render the malicious javascript payload as-is, leading to XSS. Version 0.81.0 contains a patch for this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-27494", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2023-03-16T21:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-17T04:04Z"}