CVE-2010-2480
Mako < 0.3.3 - XSS
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
Scores
EPSS: 0.0036
EPSS Percentile: 57.9%
Classification
CWE: CWE-79
Status: published
Affected Products (24)
makotemplates/mako < 0.3.3
Timeline
Published: Jul 02, 2010
Tracked Since: Feb 18, 2026