Home > Vulnerability Database > CVE-2024-23341

Mend.io Vulnerability Database

CVE-2024-23341

Good to know:

Date: January 23, 2024

TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.

Language: Python

Severity Score

6.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-23341

Url: https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea

Url: https://github.com/i3thuan5/TuiTse-TsuSin/pull/22

Url: https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72

Url: https://www.mend.io/vulnerability-database/CVE-2024-23341

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version TuiTse-TsuSin - 1.3.2

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-23341

Good to know:

Date: January 23, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?