Cross-site Scripting (XSS) - Generic in cmason3/jinjafx


Reported on

Feb 22nd 2021

📖 Description

JinjaFx is a Templating Tool that uses Jinja2 as the templating engine. It is written in Python and is extremely lightweight and hopefully simple - it doesn't require any Python modules that aren't in the base install, with the exception of jinja2 for obvious reasons. This package is vulnerable to arbitrary code execution.

♻️ Steps To Reproduce

  1. git clone
  2. run as shown in poc.png (poc)

🔭 POC


💥 Impact

Arbitrary code execution
