CVE-2011-0728

Michael Hudson-doyle Loggerhead < 1.18 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.

References (12)

[Vendor Advisory] http://secunia.com/advisories/43822

[Third Party Advisory, VDB Entry] http://www.osvdb.org/71279

[Patch] https://bugs.launchpad.net/loggerhead/+bug/740142

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66305

[Patch] https://launchpad.net/loggerhead/1.18/1.18.1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/47032

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html

[Third Party Advisory] http://secunia.com/advisories/44017

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0848

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0849

Scores

EPSS 0.0042

EPSS Percentile 61.7%

Classification

CWE

CWE-79

Status published

Affected Products (7)

michael_hudson-doyle/loggerhead < 1.18

michael_hudson-doyle/loggerhead

pypi/loggerhead < 1.18.1PyPI

n/a/n/a

Timeline

Published Mar 29, 2011

Tracked Since Feb 18, 2026