—

PYSEC-2005-1

Details

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / trac

Introduced in: 0 Fixed in: 0.10

Fix pip install --upgrade 'trac>=0.10'

References

http://projects.edgewall.com/trac/ticket/2473 [WEB]
http://www.securityfocus.com/bid/16198 [WEB]
http://secunia.com/advisories/18465 [ADVISORY]
http://www.debian.org/security/2006/dsa-951 [ADVISORY]
http://secunia.com/advisories/18555 [ADVISORY]
http://trac.edgewall.org/ticket/2473 [WEB]
http://www.vupen.com/english/advisories/2006/0226 [ADVISORY]
https://exchange.xforce.ibmcloud.com/vulnerabilities/24183 [WEB]
https://github.com/advisories/GHSA-6vhp-hp77-6w52 [ADVISORY]