
List:       oss-security
Subject:    Re: [oss-security] CVE Request -- Python-Mako (prior v0.3.4):
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-30 19:28:48
Message-ID: 2058498623.1644141277926128586.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2010-2480

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:

> Hi Steve, vendors,
> 
>    Craig Younkins reported:
>      [1] http://bugs.python.org/issue9061
> 
>    that Python Mako (versions prior to v0.3.4), a template library
>    written in Python, improperly escaped single quotes in escape.cgi.
>    An attacker could use this flaw to conduct cross-site scripting
>    (XSS) attacks.
> 
>    References:
>      [2] http://www.makotemplates.org/CHANGES
> 
> Sample public PoC (from [1]):
> 
>    Proof of concept:
>    print """<body class='%s'></body>""" % cgi.escape("' onload='alert(1);' bad='")
> 
> Could you allocate a CVE id for this?
> 
> Thanks && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
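
Added example, not part of the original thread: a Python 3 check that parses the rendered tag from the PoC above and reports which attributes a parser actually sees, comparing an escaper that leaves single quotes alone with html.escape. legacy_escape is a stand-in written here to mirror the old cgi.escape behaviour (an assumption, not Mako's or the stdlib's code); AttrCollector and body_attrs are hypothetical helper names.

```python
import html
from html.parser import HTMLParser


def legacy_escape(s, quote=False):
    """Stand-in for the old cgi.escape (assumption): escapes &, <, >,
    escapes '"' only when quote=True, and never escapes "'"."""
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s


class AttrCollector(HTMLParser):
    """Records the attributes the parser sees on the <body> start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.attrs = dict(attrs)


def body_attrs(escape, value):
    """Render the PoC template with the given escaper and return the
    parsed attributes of the resulting <body> tag."""
    markup = "<body class='%s'></body>" % escape(value)
    parser = AttrCollector()
    parser.feed(markup)
    parser.close()
    return parser.attrs


# Input string taken from the PoC quoted in the message above.
PAYLOAD = "' onload='alert(1);' bad='"

if __name__ == "__main__":
    # Single quotes pass through: the value breaks out of class='...'
    # and the parser sees separate onload and bad attributes.
    print("legacy     :", body_attrs(legacy_escape, PAYLOAD))
    # quote=True only covers double quotes, so the result is the same.
    print("legacy q=1 :", body_attrs(lambda s: legacy_escape(s, True), PAYLOAD))
    # html.escape (quote=True by default) emits &#x27; for "'", so the
    # whole input stays inside the class attribute.
    print("html.escape:", body_attrs(html.escape, PAYLOAD))
```

The same check can be pointed at any escaping function used for single-quoted attribute values: a correct one yields exactly one attribute, class, whose value round-trips to the input.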