Python-cjson 1.0.5 does not properly handle a [‘/’] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.
CPE | Name | Operator | Version |
---|---|---|---|
python-cjson | eq | 1.0.0 | |
python-cjson | eq | 1.0.4 | |
python-cjson | eq | 1.0.2 | |
python-cjson | eq | 1.0.1 | |
python-cjson | eq | 1.0.3 | |
python-cjson | eq | 1.0.5 |