CVE-2011-0728

2011-03-2918:55:01

CWE-79

canonical

web.nvd.nist.gov

cve-2011-0728

cross-site scripting

xss

templatefunctions.py

loggerhead

web script injection

html injection

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

45.1%

JSON

Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.

Affected configurations

Nvd

Node

michael_hudson-doyleloggerheadRange≤1.18

michael_hudson-doyleloggerheadMatch1.6

michael_hudson-doyleloggerheadMatch1.6.1

michael_hudson-doyleloggerheadMatch1.10

michael_hudson-doyleloggerheadMatch1.17

VendorProductVersionCPE
michael_hudson-doyleloggerhead*cpe:2.3:a:michael_hudson-doyle:loggerhead:*:*:*:*:*:*:*:*
michael_hudson-doyleloggerhead1.6cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6:*:*:*:*:*:*:*
michael_hudson-doyleloggerhead1.6.1cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6.1:*:*:*:*:*:*:*
michael_hudson-doyleloggerhead1.10cpe:2.3:a:michael_hudson-doyle:loggerhead:1.10:*:*:*:*:*:*:*
michael_hudson-doyleloggerhead1.17cpe:2.3:a:michael_hudson-doyle:loggerhead:1.17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
michael_hudson-doyle	loggerhead	*	cpe:2.3:a:michael_hudson-doyle:loggerhead::::::::
michael_hudson-doyle	loggerhead	1.6	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6:::::::*
michael_hudson-doyle	loggerhead	1.6.1	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6.1:::::::*
michael_hudson-doyle	loggerhead	1.10	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.10:::::::*
michael_hudson-doyle	loggerhead	1.17	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.17:::::::*