CVE-2008-2951 – trac
Package
Manager: pip
Name: trac
Vulnerable Version: >=0 <0.10.5
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
EPSS: 0.006 (percentile: 0.68506)
Details
Trac Open Redirect vulnerability
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
Metadata
Created: 2022-05-01T23:55:06Z
Modified: 2025-04-09T18:53:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rcmj-xp8f-f6q4/GHSA-rcmj-xp8f-f6q4.json
CWE IDs: ["CWE-20", "CWE-601"]
Alternative ID: GHSA-rcmj-xp8f-f6q4
Finding: F156
Auto approve: 1