Python's Official Docs Contain Textbook XSS Vulnerability
2025-02-23

Security researcher Georgi Guninski discovered a critical cross-site scripting (XSS) vulnerability in a code example within the Python 3.12 official documentation's CGI module. The vulnerability stems from directly outputting user-supplied form data without any sanitization. This poses a significant risk to Python web development and potentially impacts AI-generated code like that from ChatGPT and Deepseek. While the CGI module is removed in Python 3.13, a substantial amount of legacy code remains vulnerable.
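As an added illustration, not the documentation's own example, the following shows a minimal CGI-style handler that echoes a form field back into HTML, first without escaping (the pattern the article describes) and then with `html.escape` applied. The query-string format and the use of `urllib.parse.parse_qs` in place of the removed `cgi.FieldStorage` are assumptions made for this example.

```python
# Added example (not the Python documentation's own code): a minimal CGI-style
# handler that echoes a form field into HTML, first the unsafe way the article
# describes, then with html.escape applied. The cgi module is removed in
# Python 3.13, so the form is parsed with urllib.parse.parse_qs instead.
import html
from urllib.parse import parse_qs


def first_field(query_string: str, name: str, default: str = "") -> str:
    """Return the first value of a form field, like FieldStorage.getfirst()."""
    fields = parse_qs(query_string, keep_blank_values=True)
    return fields.get(name, [default])[0]


def render_unsafe(query_string: str) -> str:
    """Vulnerable: the user-controlled value is interpolated into HTML verbatim."""
    name = first_field(query_string, "name", "world")
    return f"<p>Hello, {name}!</p>"


def render_safe(query_string: str) -> str:
    """Fixed: html.escape converts <, >, & and quotes to entities."""
    name = first_field(query_string, "name", "world")
    # quote=True (the default) also escapes " and ', which matters if the
    # value is ever placed inside an attribute rather than element text.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    # Constructed input: the classic textbook test string, URL-encoded.
    qs = "name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E"
    print(render_unsafe(qs))  # markup reaches the browser as live HTML
    print(render_safe(qs))    # markup reaches the browser as inert text
```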