CVE-2007-1405

Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Published: Mar 10, 2007
Updated: Nov 9, 2025
CVE: CVE-2007-1405
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
edgewall_software / trac	0.10.3	0.10.3.x
edgewall_software / trac	0.10	0.10.x
edgewall_software / trac	0.10.2	0.10.2.x
edgewall_software / trac	0.10.1	0.10.1.x

http://secunia.com/advisories/24470
http://trac.edgewall.org/wiki/ChangeLog
http://www.securityfocus.com/bid/22888
http://www.vupen.com/english/advisories/2007/0900
https://exchange.xforce.ibmcloud.com/vulnerabilities/32897

Vulnerability Database

CVE-2007-1405

Deep Security Visibility Without the Complexity