Vulnerability Database
296,213
Total vulnerabilities in the database
CVE-2010-2480
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
| Software | From | Fixed in |
|---|---|---|
| makotemplates / mako | 0.2.3 | 0.2.3.x |
| makotemplates / mako | 0.1.3 | 0.1.3.x |
| makotemplates / mako | 0.2.2 | 0.2.2.x |
| makotemplates / mako | 0.1.2 | 0.1.2.x |
| makotemplates / mako | 0.1.9 | 0.1.9.x |
| makotemplates / mako | 0.3.2 | 0.3.2.x |
| makotemplates / mako | 0.2.4 | 0.2.4.x |
| makotemplates / mako | 0.1.10 | 0.1.10.x |
| makotemplates / mako | 0.1.8 | 0.1.8.x |
| makotemplates / mako | 0.1.5 | 0.1.5.x |
| makotemplates / mako | 0.1.0 | 0.1.0.x |
| makotemplates / mako | 0.2.5 | 0.2.5.x |
| makotemplates / mako | 0.3 | 0.3.x |
| makotemplates / mako | 0.1.7 | 0.1.7.x |
| makotemplates / mako | 0.3.1 | 0.3.1.x |
| makotemplates / mako | 0.2.0 | 0.2.0.x |
| makotemplates / mako | 0.1.4 | 0.1.4.x |
| makotemplates / mako | 0.2.1 | 0.2.1.x |
| makotemplates / mako | 0.1.6 | 0.1.6.x |
| makotemplates / mako | 0.2.6 | 0.2.6.x |
| makotemplates / mako | - | 0.3.3.x |
| makotemplates / mako | 0.1.1 | 0.1.1.x |
mako
|
- | 0.3.4 |
- http://bugs.python.org/issue9061
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://secunia.com/advisories/39935
- http://www.makotemplates.org/CHANGES
- https://access.redhat.com/security/cve/CVE-2010-2480
- https://bugs.python.org/issue9061
- https://bugzilla.redhat.com/show_bug.cgi?id=609573
- https://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- https://www.makotemplates.org/CHANGES