Looking for the vulnerability index of Invicti's legacy products?
Python Improper Encoding or Escaping of Output Vulnerability - CVE-2026-6019 - Vulnerability Database

Python Improper Encoding or Escaping of Output Vulnerability - CVE-2026-6019

Medium
Reference: CVE-2026-6019
Title: Python Improper Encoding or Escaping of Output Vulnerability
Overview:

http.cookies.Morsel.js_output() returns an inline ltscriptgt snippet and only escapes quot for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence lt/scriptgt inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.