Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:21
Type | Values Removed | Values Added |
---|---|---|
Summary | Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element. | |
References |
|
02 Feb 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2010-2480 Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS) |
Information
Published : 2010-07-02 19:00
Updated : 2023-12-10 11:03
NVD link : CVE-2010-2480
Mitre link : CVE-2010-2480
CVE.ORG link : CVE-2010-2480
JSON object : View
Products Affected
makotemplates
- mako
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')