CVE-2026-33140

UNKNOWN 0.0

PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

14th

PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads (i.e. inside a string passed to eval() ), the flagged code snippet is interpolated into the HTML report without sanitization. Opening the generated report in a browser causes the embedded JavaScript to execute in the browser's local file context. This issue has been patched in version 0.1.7.

CWE	CWE-79
Vendor	parzivalhack
Product	pyspector
Published	Mar 20, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for parzivalhack pyspector

Be the first to know when new unknown vulnerabilities affecting parzivalhack pyspector are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ParzivalHack / PySpector

< 0.1.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-2gmv-2r3v-jxj2