CVE-2026-3962 | Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5 Jinja2 Template app.py render_template cross site scripting (Issue 15)

A vulnerability described as problematic has been identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template Handler. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2026-3962. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-3962 | Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5 Jinja2 Template app.py render_template cross site scripting (Issue 15)

Post correlati

CVE-2025-21659 | Linux Kernel up to 6.12.9 napi_by_id Privilege Escalation

CVE-2024-7442 | Vivotek SD9364 VVTK-0103f upload_file.cgi getenv QUERY_STRING command injection

CVE-2024-31345 | Sukhchain Singh Auto Poster Plugin up to 1.2 on WordPress unrestricted upload

CVE-2024-22592 | FlyCMS 1.0 group_update cross-site request forgery