Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the `license_author `field in the add-ingredient function in the `templates/ingredients/view.html`, `models/ingredients.py`, and `views/ingredients.py` components.

Affected Packages

PyPI wger

Affected versions: 0 (last affected: 2.2.0a3)

Related CVEs

CVE-2023-38758

Key Information

GHSA ID

GHSA-8m9p-3926-gffr

Published

August 8, 2023 6:30 PM

Last Modified

November 19, 2024 7:14 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

wger

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 30, 2025 6:36 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.