ALT-PU-2022-2154-2

Package update deluge in branch sisyphus

Version2.1.0-alt1

Published2026-02-04

Max severityMEDIUM

Severity:

Closed issues (2)

MEDIUM6.1

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.

Published: 2022-08-26Modified: 2024-11-21

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

GHSA-5c8p-qhch-qhx6

MEDIUM5.3

Deluge Web-UI vulnerable to XSS through a crafted torrent file

Published: 2022-08-27Modified: 2024-09-16

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 4.0MEDIUM 5.3

CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References