{"data":{"id":"41eaa91c-f59f-46b7-b23a-03c8d55c2be9","title":"CVE-2023-27494: Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in ve","summary":"Streamlit, software that converts data scripts into web applications, had a cross-site scripting vulnerability (XSS, where an attacker injects malicious code that runs in a user's browser) in versions 0.63.0 through 0.80.0. An attacker could craft a malicious URL containing JavaScript code, trick a user into clicking it, and the Streamlit server would execute that code in the victim's browser.","solution":"Update to version 0.81.0, which contains a patch for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-27494","publishedAt":"2023-03-17T01:15:13.270Z","cveId":"CVE-2023-27494","cweIds":["CWE-79"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Streamlit"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00817,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}