CVE-2020-11944

Published April 20th, 2020

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.

bitcoin-abe/bitcoin-abe

Abe: block browser for Bitcoin and similar currencies

GitHub

981