CVE-2010-2477
Paste < 1.7.4 - Cross-Site Scripting via HTTP 404 Error Handling
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
References (9)
Mailing List (x_refsource_confirm): http://groups.google.com/group/paste-users/browse_thread/thread/3b3fff3dadd0b1e5?pli=1
Mailing List (mailing-list, x_refsource_mlist): http://groups.google.com/group/pylons-discuss/msg/8c256dc076a408d8?dmode=source&output=gplain
Various Sources (x_refsource_confirm): http://pylonshq.com/articles/archives/2010/6/paste_174_released_addresses_xss_security_hole
Patch (x_refsource_confirm): http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/41160
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/42500
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1026-1
Patch (mailing-list, x_refsource_mlist): http://marc.info/?l=oss-security&m=127785414818815&w=2
Patch (mailing-list, x_refsource_mlist): http://marc.info/?l=oss-security&m=127792576822169&w=2
Scores
EPSS: 0.0052
EPSS Percentile: 67.0%
Details
CWE: CWE-79
Status: published
Products (23)
pypi/paste: 0 - 1.7.4 (PyPI)
pythonpaste/paste: 0.1.0, 0.3, 0.4.1, 0.5, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 1.0.1
... and 13 more
Published: Nov 06, 2010
Tracked Since: Feb 18, 2026