{"id":"PYSEC-2018-54","details":"helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.","aliases":["CVE-2018-16516","GHSA-894g-6j7q-2hx6"],"modified":"2023-11-08T04:00:01.239033Z","published":"2018-09-05T14:29:00Z","references":[{"type":"WEB","url":"https://github.com/flask-admin/flask-admin/pull/1699"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZU2VKULURVXEU4YFTLMBQGYMPSXQ4MBN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIYCWIH3BRLI2QNC53CQXLKVP27X7EH/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-894g-6j7q-2hx6"}],"affected":[{"package":{"name":"flask-admin","ecosystem":"PyPI","purl":"pkg:pypi/flask-admin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.3"}]}],"versions":["0.1","0.1.1","0.1.2","0.1.3","0.1.4","0.2.0","0.2.1","0.2.2","0.3.0","0.4.0","0.4.1","0.4.2","1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.2.0","1.3.0","1.4.0","1.4.1","1.4.2","1.5.0","1.5.1","1.5.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/flask-admin/PYSEC-2018-54.yaml"}}],"schema_version":"1.7.3"}