
=====================================================================

                                CERT-Renater

                     Information Note No. 2021/VULN631
_____________________________________________________________________

DATE                : 25/11/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running django-helpdesk (pip) versions
                     prior to 0.3.2.

=====================================================================
https://github.com/advisories/GHSA-vfrc-ggmc-5jwv
_____________________________________________________________________


Cross-site Scripting in django-helpdesk
high severity  Published Nov 23, 2021 • Updated Nov 24, 2021


Vulnerability details

Package
django-helpdesk (pip)

Affected versions
< 0.3.2

Patched versions
0.3.2


Description

django-helpdesk is vulnerable to Improper Neutralization of Input During
Web Page Generation ('Cross-site Scripting'), i.e. user-supplied input is
placed into generated HTML without adequate escaping.
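The advisory names the weakness class (CWE-79) but not the affected field or template, so the following is an added, generic illustration of the defence and check a reviewer would apply to any Django helpdesk view; it is not code from django-helpdesk or from the fixing commit. The ticket fields, the page fragment and the sample payload are constructed for this example, and the rendering is done with the standard library rather than Django's template engine.

```python
"""Output-encoding check for user-supplied helpdesk text (added example).

Not django-helpdesk's code. Shows the generic CWE-79 defence: HTML-escape
untrusted ticket fields before interpolating them into a page, then verify
that the rendered page contains no markup the template did not put there.
Field names, template and sample payload are constructed for illustration.
"""
import html
import re

# Constructed sample ticket: the description carries markup of the kind a
# submitter could type into a free-text field.
SAMPLE_TICKET = {
    "title": "Printer offline <b>again</b>",
    "description": "<script>alert(1)</script>",
    "submitter": "alice@example.com",
}

# Hypothetical page fragment. Django templates autoescape by default; the
# risk appears when that is bypassed (|safe, mark_safe, {% autoescape off %})
# or when HTML is assembled in Python like this.
TEMPLATE = (
    "<h1>{title}</h1>\n"
    "<p class=\"submitter\">{submitter}</p>\n"
    "<div class=\"description\">{description}</div>"
)


def render_unsafe(ticket):
    """Interpolates raw values: markup in a field becomes part of the page (CWE-79)."""
    return TEMPLATE.format(**ticket)


def render_escaped(ticket):
    """Escapes every field the way Django's escape() does (&, <, >, \" and ')."""
    safe = {k: html.escape(str(v), quote=True) for k, v in ticket.items()}
    return TEMPLATE.format(**safe)


# Matches an HTML start or end tag; good enough to spot injected markup.
_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def injected_tags(rendered, template=TEMPLATE):
    """Returns tags in the rendered page that do not occur in the template itself.

    An empty list means the output encoding held for this input.
    """
    expected = set(_TAG_RE.findall(template))
    return [t for t in _TAG_RE.findall(rendered) if t not in expected]


if __name__ == "__main__":
    print("unsafe  ->", injected_tags(render_unsafe(SAMPLE_TICKET)))
    print("escaped ->", injected_tags(render_escaped(SAMPLE_TICKET)))
```

The check in `injected_tags` is a coarse regression test, not a sanitizer: it only tells you whether a given input reached the page as markup. The durable fix is to keep Django's autoescaping on and to escape at the point of output for every untrusted field, which is what `render_escaped` does.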


References

     https://nvd.nist.gov/vuln/detail/CVE-2021-3950
     django-helpdesk/django-helpdesk@04483bd
     https://github.com/django-helpdesk/django-helpdesk/releases/tag/0.3.2
     https://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e


CVE ID
CVE-2021-3950

CWEs
CWE-79

CVSS Score
8.8 High
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================

