CVE-2011-0728

Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
Cross-site Scripting
Severity: UNKNOWN
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Base Score
CVSS 3.x
EPSS Score Percentile: 47%
Vendor | Product | Version
michael_hudson-doyle | loggerhead | 𝑥 ≤ 1.18
michael_hudson-doyle | loggerhead | 1.6
michael_hudson-doyle | loggerhead | 1.6.1
michael_hudson-doyle | loggerhead | 1.10
michael_hudson-doyle | loggerhead | 1.17
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
loggerhead | bullseye | 1.19~bzr511-1 | fixed
loggerhead | squeeze | | no-dsa
loggerhead | bookworm | 2.0.1+bzr541+ds-2 | fixed
loggerhead | sid | 2.0.1+bzr548-1 | fixed
loggerhead | trixie | 2.0.1+bzr548-1 | fixed
Ubuntu Releases
Ubuntu Product | Codename | Version | Status
loggerhead | maverick | Fixed 1.17+bzr424-1ubuntu1.1 | released
loggerhead | lucid | Fixed 1.17+bzr400-1ubuntu0.1 | released
loggerhead | karmic | Fixed 1.17-0ubuntu1.1 | released
loggerhead | hardy | | dne
loggerhead | dapper | | dne