Safety vulnerability ID: 73295
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of Confidant contain a critical stored Cross-Site Scripting (XSS) vulnerability in multiple API endpoints for credential and service operations. The flaw enables authenticated attackers with credential creation privileges to inject malicious scripts, potentially compromising other users' sessions, stealing sensitive information, or executing unauthorized actions. The vulnerability is caused by inadequate input sanitization and improper content-type headers in API responses. The developers have patched the issue by implementing robust XSS protection measures, including security headers and proper content-type settings for API responses.
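The content-type cause described above can be shown with two standard-library WSGI handlers and a header check. This is an added example, not Confidant's code or its actual patch: the handler names, the path, the sample record and the choice of `nosniff` and a restrictive CSP as the "security headers" are assumptions.

```python
import json

# Constructed sample: a stored credential whose name holds attacker-supplied markup.
STORED = {"id": "example-id", "name": "<script>alert(1)</script>"}

def legacy_api(environ, start_response):
    # "Before": JSON body labelled text/html, so a browser loading this URL parses it as markup.
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [json.dumps(STORED).encode()]

def hardened_api(environ, start_response):
    # "After": correct JSON type, sniffing disabled, and a CSP that allows no script at all.
    start_response("200 OK", [
        ("Content-Type", "application/json; charset=utf-8"),
        ("X-Content-Type-Options", "nosniff"),
        ("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'"),
    ])
    return [json.dumps(STORED).encode()]

def call(app, path="/api/credentials/example-id"):  # hypothetical path
    """Invoke a WSGI app in-process; return (lower-cased headers, body text)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update({k.lower(): v for k, v in headers})
    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return seen, body.decode()

def audit(headers):
    """List the response-header weaknesses that let a JSON API reply execute as HTML."""
    findings = []
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    if media_type != "application/json":
        findings.append(f"content-type is {media_type or 'missing'}, expected application/json")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff not set")
    if "content-security-policy" not in headers:
        findings.append("no Content-Security-Policy header")
    return findings

if __name__ == "__main__":
    for app in (legacy_api, hardened_api):
        headers, body = call(app)
        print(app.__name__, audit(headers) or "ok")
```

The hardened response still carries the stored markup verbatim in its JSON body, so any client that inserts the value into a page must encode it on output as well.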
Latest version: 6.6.1
A secret management system and client.