Description

Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a context variable containing untrusted data is passed to {% attrs %}, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break out of the attribute context and inject arbitrary HTML or JavaScript into the rendered page. This issue has been patched in version 0.6.3.

INFO

Published Date :

2026-03-31T15:33:17.644Z

Last Modified :

2026-03-31T17:21:50.192Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34231 vulnerability.

Vendors Products
Django
  • Slippers
Mixxorz
  • Slippers
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34231.

URL Resource
https://github.com/mixxorz/slippers/commit/16cc4ef4fa8ad2f7aee30798f16c3e7b653423b2 cve-icon cve-icon
https://github.com/mixxorz/slippers/releases/tag/0.6.3 cve-icon cve-icon
https://github.com/mixxorz/slippers/security/advisories/GHSA-w7rv-gfp4-j9j3 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact