Описание
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| trac | fixed | 0.9.3-1 | package | |
| trac | unfixed | sarge | package |
Примечания
upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
invasive set of patches to backport. basically most instances
of input being escape()'d are no longer done so, and instead a
Markup() function replaces them, and special checks are done
on rendered HTML output to prevent XSS code from being displayed.
EPSS
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
EPSS