CVE-2025-3841

MEDIUM Year: 2025
CVSS v3 Score
3.3
Low
CVSS v2 Score
1.7
Low
Weakness Type
CWE-791
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutralization of special elements used in a template engine. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Related Vulnerabilities

CVE-2024-8373

MEDIUM
CVSS:4.3(Medium)

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Conten...

CWE-7912024

CVE-2025-0716

MEDIUM
CVSS:4.8(Medium)

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form...

CWE-7912025

CVE-2024-47590

HIGH
CVSS:8.8(High)

An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page...

CWE-7912024

CVE-2022-2132

HIGH
CVSS:8.6(High)

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

CWE-7912022

CVE-2024-39283

HIGH
CVSS:7.8(High)

Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access...

CWE-7912024