Suggestions search

All statuses

Filter by:

With package: wlc

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-42150

5.1 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): High (H)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): Low (L)
Integrity (I): Low (L)
Availability (A): Low (L)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): High (H)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): Low (L)
Modified Availability (MA): Low (L)

created 2 weeks, 3 days ago Activity log

Created suggestion 2 weeks, 3 days ago

wlc: print_html outputs API data without HTML escaping, enabling stored XSS

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0.

References

https://github.com/WeblateOrg/wlc/security/advisories/GHSA-gx2m-mcc2-r4p3 x_refsource_CONFIRM
https://github.com/WeblateOrg/wlc/pull/1327 x_refsource_MISC
https://github.com/WeblateOrg/wlc/commit/0f3e58f6d7457b05d48ef40f579a172c4c8b8469 x_refsource_MISC
https://github.com/WeblateOrg/wlc/releases/tag/2.0.0 x_refsource_MISC

Affected products

wlc

==< 2.0.0

Matching in nixpkgs

pkgs.wlc

Weblate commandline client using Weblate's REST API

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.11 1.17.2
- nixos-25.11-small 1.17.2
- nixpkgs-25.11-darwin 1.17.2

pkgs.wlcs

Wayland Conformance Test Suite

nixos-unstable 1.8.1
- nixpkgs-unstable 1.8.1
- nixos-unstable-small 1.8.1
nixos-25.11 1.8.1
- nixos-25.11-small 1.8.1
- nixpkgs-25.11-darwin 1.8.1

pkgs.wlclock

Digital analog clock for Wayland desktops

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1
nixos-25.11 1.0.1
- nixos-25.11-small 1.0.1
- nixpkgs-25.11-darwin 1.0.1

pkgs.imewlconverter

FOSS program for converting IME dictionaries

nixos-unstable 3.3.0
- nixpkgs-unstable 3.3.0
- nixos-unstable-small 3.3.0
nixos-25.11 3.3.0
- nixos-25.11-small 3.3.0
- nixpkgs-25.11-darwin 3.3.0

Package maintainers

@xddxdd Yuhui Xu <b980120@hotmail.com>
@paperdigits Mica Semrick <mica@silentumbrella.com>
@NomisIV Simon Gutgesell <simon@nomisiv.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

Published

Permalink CVE-2026-23535

8.0 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): Required (R)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 1 week ago
@LeSuisse ignored
3 packages
- wlcs
- wlclock
- imewlconverter
4 months, 1 week ago
@LeSuisse accepted 4 months, 1 week ago
@LeSuisse published on GitHub 4 months, 1 week ago

wlc Path traversal: Unsanitized API slugs in download command

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2.