Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-2480

Опубликовано: 02 июл. 2010
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:makotemplates:mako:*:*:*:*:*:*:*:*
Версия до 0.3.3 (включая)
cpe:2.3:a:makotemplates:mako:0.1.0:-:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.4:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.8:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.1.10:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.3:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:makotemplates:mako:0.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.00257
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2010-2480

ubuntu
больше 15 лет назад

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

redhat логотип

CVE-2010-2480

redhat
больше 15 лет назад

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

debian логотип

CVE-2010-2480

debian
больше 15 лет назад

Mako before 0.3.4 relies on the cgi.escape function in the Python stan ...

github логотип

GHSA-7q8x-38mc-p84f

CVSS3: 6.1
github
больше 3 лет назад

Mako contains Cross-site Scripting vulnerability

EPSS

Процентиль: 49%
0.00257
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79