MapProxy vulnerable to cross-site scripting in demo service

2022-05-1301:54:14

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.3%

JSON

MapProxy version 1.11.1 and older are vulnerable to cross-site scripting in the demo service resulting in possible information disclosure. An incomplete fix was released in v1.10.4, and a complete fix was released in v1.11.1.

CPENameOperatorVersion
mapproxyeq1.1.1
mapproxyeq1.2.0
mapproxyeq1.8.1
mapproxyeq1.0.0
mapproxyeq0.8.2
mapproxyeq0.8.3
mapproxyeq1.8.0
mapproxyeq1.11.0
mapproxyeq1.3.0
mapproxyeq1.10.1

Name	Operator	Version
mapproxy	eq	1.1.1
mapproxy	eq	1.2.0
mapproxy	eq	1.8.1
mapproxy	eq	1.0.0
mapproxy	eq	0.8.2
mapproxy	eq	0.8.3
mapproxy	eq	1.8.0
mapproxy	eq	1.11.0
mapproxy	eq	1.3.0
mapproxy	eq	1.10.1