← Back to CVE List

CVE-2023-27494

Published: 2023-03-16T21:15Z
Last Modified: 2024-11-21T07:53Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Users of hosted Streamlit app(s) were vulnerable to a reflected XSS vulnerability. An attacker could craft a malicious URL with Javascript payloads to a Streamlit app. The attacker could then trick the user into visiting the malicious URL and, if successful, the server would render the malicious javascript payload as-is, leading to XSS. Version 0.81.0 contains a patch for this vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt