MEDIUM 5.4

PYSEC-2026-138

Details

A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / tendenci

Introduced in: 0

No fixed version published yet for tendenci (pip). Pin to a known-safe version or switch to an alternative.

References

https://github.com/emirhanyucelll/tendenci/blob/main/Readme.md [EVIDENCE]