While working on the SimpleMen project, I found that the application uses nltk, which is affected by a reflected XSS vulnerability (CVE-2026-33230). The issue exists in the WordNet web app (lookup_ route), where user-controlled input is reflected into HTML without proper sanitization. This allows attackers to inject malicious scripts, potentially leading to unauthorized actions or data exposure in the user’s browser.
CVE LINK
CVE Report
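
The pattern described in the report, shown as an added example that is not part of the original report and is not nltk's code: a hypothetical handler that echoes a request value into HTML, its escaped counterpart, and a regression check that can run in CI. The `/lookup/<word>` path, the page template, and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import quote, unquote

# Constructed page template for a hypothetical word-lookup handler.
PAGE = "<html><body><h1>Results for: {word}</h1>{body}</body></html>"


def _word_from_path(path: str) -> str:
    """Take the last path segment and percent-decode it (user-controlled)."""
    return unquote(path.rsplit("/", 1)[-1])


def render_unsafe(path: str) -> str:
    """Vulnerable pattern: the decoded value is placed into HTML as-is."""
    word = _word_from_path(path)
    link = f'<a href="/lookup/{word}">permalink</a>'
    return PAGE.format(word=word, body=link)


def render_safe(path: str) -> str:
    """Hardened pattern: encode for each output context separately."""
    word = _word_from_path(path)
    # HTML text context: neutralise <, >, &, and both quote characters.
    text = html.escape(word, quote=True)
    # URL context inside an attribute: percent-encode, then HTML-escape.
    href = html.escape("/lookup/" + quote(word, safe=""), quote=True)
    return PAGE.format(word=text, body=f'<a href="{href}">permalink</a>')


def reflects_markup(render, probe: str = '"><b id=probe>') -> bool:
    """Regression check: does the handler echo request markup unescaped?

    The probe is inert markup; finding it verbatim in the response means
    the value reached the page without output encoding.
    """
    response = render("/lookup/" + quote(probe, safe=""))
    return probe in response


if __name__ == "__main__":
    for name, handler in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(f"{name}: reflects markup = {reflects_markup(handler)}")
```
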