Описание
Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 0.53-0ubuntu2 |
| devel | released | 0.53-0ubuntu2 |
| edgy | released | 0.53-0ubuntu2 |
| feisty | released | 0.53-0ubuntu2 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message.
Cross-site scripting (XSS) vulnerability in standard_error_message.dtm ...
Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message.
EPSS
6.8 Medium
CVSS2