4 matches found
Security fix for the ALT Linux 5 package python-module-mako version 0.2.5-alt1.M51.1
Oct. 2, 2010 Vladimir Lettiev 0.2.5-alt1.M51.1 - Fixed CVE-2010-2480 - XSS via inadequate escaping patch from ubuntu + lib/mako/filters.py: use xml.sax.saxutils.escape instead of cgi.escape so we can escape single quotes...
[USN-996-1] Mako vulnerability
=========================================================== Ubuntu Security Notice USN-996-1 September 29, 2010 mako vulnerability CVE-2010-2480 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.04 LTS This advisory also...
CVE-2010-2480
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting XSS protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...
CVE-2010-2480
CVE-2010-2480 affects the Mako templating library (before 0.3.4) which relied on Python’s cgi.escape for XSS protection. This can enable remote XSS via single-quote vectors and a BODY onLoad handler. Connected advisories document that fixes include upgrading to 0.3.4+ or applying patches (e.g., r...