CVE-2010-2480

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
makotemplatesmako
𝑥
≤ 0.3.3
makotemplatesmako
0.1.0
makotemplatesmako
0.1.1
makotemplatesmako
0.1.2
makotemplatesmako
0.1.3
makotemplatesmako
0.1.4
makotemplatesmako
0.1.5
makotemplatesmako
0.1.6
makotemplatesmako
0.1.7
makotemplatesmako
0.1.8
makotemplatesmako
0.1.9
makotemplatesmako
0.1.10
makotemplatesmako
0.2.0
makotemplatesmako
0.2.1
makotemplatesmako
0.2.2
makotemplatesmako
0.2.3
makotemplatesmako
0.2.4
makotemplatesmako
0.2.5
makotemplatesmako
0.2.6
makotemplatesmako
0.3
makotemplatesmako
0.3.1
makotemplatesmako
0.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mako
bullseye
1.1.3+ds1-2
fixed
lenny
no-dsa
bookworm
1.2.4+ds-1
fixed
sid
1.3.5-1.1
fixed
trixie
1.3.5-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mako
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 0.2.5-2ubuntu1.3
released
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://bugs.python.org/issue9061
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://secunia.com/advisories/39935
http://www.makotemplates.org/CHANGES
http://bugs.python.org/issue9061
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://secunia.com/advisories/39935
http://www.makotemplates.org/CHANGES