Trape Project: >> Trape >> 2019-05-08 Security Vulnerabilities
Trape through 2019-05-08 has SQL injection via the data[2] variable in core/db.py, as demonstrated by the /bs t parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-10
A cross-site scripting (XSS) vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend() method is used.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-07-10