QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3427

Published: Aug 26, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.

Vendor	Product	Versions
n/a	Deluge-web	affected `Not-Known`

Weaknesses (CWE)

References

https://dev.deluge-torrent.org/ticket/3459

https://groups.google.com/g/deluge-dev/c/e5zh7wT0rEg

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.