EUVD-2010-0012

Malware in sbrugna...

GHSA-7GFC-2V6G-6W9F Paste is vulnerable to Cross-site Scripting via vectors involving a 404 status code

Multiple cross-site scripting XSS vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to 1 paste.urlparser.StaticURLParser, 2...

CVE-2010-2477

Multiple cross-site scripting XSS vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to 1 paste.urlparser.StaticURLParser, 2...

CVE-2010-2477

Multiple cross-site scripting XSS vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to 1 paste.urlparser.StaticURLParser, 2...

CVE-2010-2477

CVE-2010-2477 involves multiple XSS vulnerabilities in the paste.httpexceptions implementation of Paste before 1.7.4, enabling remote injection of script/HTML via 404-related vectors. Affected components include paste.urlparser.StaticURLParser, paste.urlparser.PkgResourcesParser, paste.urlmap.URL...

Fedora 13 : python-paste-1.7.4-1.fc13 (2010-10414)

1.7.4 The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notably WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...