Description
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message.
Remediation
References
Related Vulnerabilities
WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (3.2.6)
WordPress Plugin AdSense Manager Cross-Site Scripting (4.0.3)
WordPress Plugin File Browser, Manager, Backup (+ Database) Security Bypass (1.23)
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)
WordPress Plugin SEO Ultimate 'wp-admin/post.php' Cross-Site Scripting (6.9.1)