CVE-2009-4924

DAN Pascu Python-cjson < 1.1.0 - XSS

Title source: rule

Description

Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

References (2)

[Various Sources] http://pypi.python.org/pypi/python-cjson/

[Various Sources] http://t3.dotgnu.info/blog/insecurity/quotes-dont-help.html

Scores

EPSS 0.0024

EPSS Percentile 47.5%

Classification

CWE

CWE-79

Status published

Affected Products (3)

dan_pascu/python-cjson

pypi/python-cjson < 1.1.0PyPI

n/a/n/a

Timeline

Published Jul 02, 2010

Tracked Since Feb 18, 2026