{"vulnerability": "CVE-2021-23824", "sightings": [{"uuid": "f6cd71d5-a22c-4672-a545-aea8ff0b0ad6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23824", "type": "seen", "source": "https://t.me/cibsecurity/35413", "content": "\u203c CVE-2021-23824 \u203c\n\nThis affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-13T18:18:28.000000Z"}]}