Home

Description

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

PUBLISHED Reserved 2026-03-11 | Published 2026-03-11 | Updated 2026-03-11 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
5.0AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Problem types

Cross Site Scripting

Code Injection

Product status

a6996b634d98ccec4701ac8934016e8175b60eb5
affected

Timeline

2026-03-11:Advisory disclosed
2026-03-11:VulDB entry created
2026-03-11:VulDB entry last update

Credits

ZAST.AI (VulDB User) reporter

References

vuldb.com/?id.350391 (VDB-350391 | Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting) vdb-entry technical-description

vuldb.com/?ctiid.350391 (VDB-350391 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.768226 (Submit #768226 | Jcharis Machine-Learning-Web-Apps <=1.0.0 Reflected XSS) third-party-advisory

github.com/Jcharis/Machine-Learning-Web-Apps/issues/15 issue-tracking

github.com/Jcharis/Machine-Learning-Web-Apps/issues/15 exploit issue-tracking

github.com/Jcharis/Machine-Learning-Web-Apps/ product

cve.org (CVE-2026-3962)

nvd.nist.gov (CVE-2026-3962)

Download JSON