Description
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
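The gap described above, as an added example that is not Mako's own code: `legacy_cgi_escape` is a re-implementation of the documented behaviour of `cgi.escape` (removed from the standard library in Python 3.8), and `html.escape` is an assumed stand-in for a quote-aware escaper. The sample value and the `class` attribute are constructed for illustration.

```python
import html
from html.parser import HTMLParser


def legacy_cgi_escape(s, quote=True):
    """Re-implementation of the documented cgi.escape behaviour (assumption:
    called with quote=True). Escapes & < > and ", never the single quote."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s


class _BodyAttrs(HTMLParser):
    """Collects the attributes an HTML parser sees on the BODY start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.attrs = dict(attrs)


def body_attributes(escape, value):
    """Render value into a single-quoted BODY attribute, parse the result,
    and return the sorted attribute names the parser recovered."""
    markup = "<body class='{}'>".format(escape(value))
    parser = _BodyAttrs()
    parser.feed(markup)
    parser.close()
    return sorted(parser.attrs)


# Constructed input: a value containing single quotes and an onload name.
SAMPLE = "theme' onload='marker()"


def attribute_injected(escape, value=SAMPLE):
    """True if the escaped value produced any attribute besides 'class'."""
    return body_attributes(escape, value) != ["class"]


if __name__ == "__main__":
    print("legacy cgi.escape behaviour:", body_attributes(legacy_cgi_escape, SAMPLE))
    print("html.escape:                ", body_attributes(html.escape, SAMPLE))
```

The same parse-and-compare check can be run as a regression test against any template filter that writes into quoted attributes.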
| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 0.3.4-2 |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | released | 0.2.5-2ubuntu1.3 |
| maverick | not-affected | 0.3.4-2 |
| natty | not-affected | 0.3.4-2 |
| oneiric | not-affected | 0.3.4-2 |
| upstream | released | 0.3.4 |
CVSS2: 4.3 Medium
Related vulnerabilities
Mako before 0.3.4 relies on the cgi.escape function in the Python stan ...
Mako contains Cross-site Scripting vulnerability