Description
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
| Release | Status | Note |
|---|---|---|
| bionic | released | 2.7.15-4ubuntu4~18.04.2 |
| devel | DNE | |
| disco | released | 2.7.16-2ubuntu0.2 |
| eoan | not-affected | 2.7.17~rc1-1 |
| esm-apps/focal | not-affected | 2.7.17-1ubuntu5 |
| esm-apps/jammy | not-affected | 2.7.17-1ubuntu5 |
| esm-infra-legacy/trusty | released | 2.7.6-8ubuntu0.6+esm3 |
| esm-infra/bionic | released | 2.7.15-4ubuntu4~18.04.2 |
| esm-infra/xenial | released | 2.7.12-1ubuntu0~16.04.9 |
| focal | not-affected | 2.7.17-1ubuntu5 |

| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | released | 3.4.3-1ubuntu1~14.04.7+esm4 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |

| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | released | 3.5.2-2ubuntu0~16.04.4~14.04.1+esm1 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 3.5.2-2ubuntu0~16.04.9 |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |

| Release | Status | Note |
|---|---|---|
| bionic | released | 3.6.8-1~18.04.3 |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | 3.6.8-1~18.04.3 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| disco | released | 3.7.3-2ubuntu0.2 |
| eoan | not-affected | 3.7.5~rc1-1 |
| esm-apps/bionic | not-affected | 3.7.5-2ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| disco | ignored | end of life |
| eoan | not-affected | 3.8.0~rc1-1 |
| esm-apps/bionic | not-affected | 3.8.0-3 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 3.8.0~rc1-1 |
| focal | not-affected | 3.8.0~rc1-1 |
| groovy | not-affected | 3.8.0~rc1-1 |
| hirsute | DNE | |

EPSS
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium