Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Jcharis Machine-Learning-Web-Apps: Malicious Code Injection Possible
CVE-2026-3962
Summary
A security flaw in Jcharis Machine-Learning-Web-Apps could allow hackers to inject malicious code into your website, potentially compromising user data. This issue affects older versions of the software, and a public exploit is available. Upgrade to the latest version to fix the issue, but note that version details are not publicly available due to the project's rolling release strategy.
Original title
A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning...
Original description
A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
nvd CVSS2.0
5.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026