GHSA-w7x2-57f7-3p3x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w7x2-57f7-3p3x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w7x2-57f7-3p3x/GHSA-w7x2-57f7-3p3x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w7x2-57f7-3p3x
- Aliases
- Published
- 2022-05-01T17:53:21Z
- Modified
- 2024-11-18T21:10:00.484316Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Trac Cross-site Scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2007-1405
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32897
- https://github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2007-2.yaml
- https://web.archive.org/web/20080801205940/http://secunia.com/advisories/24470
- https://web.archive.org/web/20200228104401/http://www.securityfocus.com/bid/22888
- http://trac.edgewall.org/wiki/ChangeLog
Affected packages
PyPI / trac
Package
- Name
- trac
- View open source insights on deps.dev
- Purl
- pkg:pypi/trac