2 matches found
PYSEC-2010-1
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...
CVE-2010-2480
CVE-2010-2480 affects the Mako templating library (before 0.3.4) which relied on Python’s cgi.escape for XSS protection. This can enable remote XSS via single-quote vectors and a BODY onLoad handler. Connected advisories document that fixes include upgrading to 0.3.4+ or applying patches (e.g., r...