CVE-2007-1405 – trac

Package

Manager: pip
Name: trac
Vulnerable Version: >=0 <0.10.3.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00351 pctl0.56844

Details

Trac Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Metadata

Created: 2022-05-01T17:53:21Z
Modified: 2024-11-18T20:57:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w7x2-57f7-3p3x/GHSA-w7x2-57f7-3p3x.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-w7x2-57f7-3p3x
Finding: F008
Auto approve: 1