Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:10779
HistoryJan 15, 2019 - 8:52 a.m.

Cross-site Scripting (XSS)

2019-01-1508:52:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

Python SimpleHTTPServer is vulnerable to cross-site scripting (XSS). The list_directory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary Javascript through UTF-7 encoding into Internet Explorer 7 browser via a malicious file name that is uploaded to the server.

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%