GHSA-6vhp-hp77-6w52
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6vhp-hp77-6w52
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6vhp-hp77-6w52/GHSA-6vhp-hp77-6w52.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6vhp-hp77-6w52
- Aliases
- Published
- 2022-05-01T02:29:20Z
- Modified
- 2024-11-18T20:49:45Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
- Database specific
{ "github_reviewed_at": "2024-04-29T14:29:37Z", "severity": "MODERATE", "nvd_published_at": "2005-12-31T05:00:00Z", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2005-4644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24183
- https://github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2005-1.yaml
- https://web.archive.org/web/20140722192945/http://secunia.com/advisories/18465
- https://web.archive.org/web/20151104154255/http://secunia.com/advisories/18555
- https://web.archive.org/web/20200302063657/http://www.securityfocus.com/bid/16198
- http://projects.edgewall.com/trac/ticket/2473
- http://trac.edgewall.org/ticket/2473
- http://www.debian.org/security/2006/dsa-951
Affected packages
PyPI / trac
Package
- Name
- trac
- View open source insights on deps.dev
- Purl
- pkg:pypi/trac