Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2011-0728
Last Modified: 06 Sep 2011 11:14:48
Published: 29 Mar 2011 02:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-0728

Summary

Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.

Vulnerable Systems

Application

  • Michael Hudson-doyle Loggerhead 1.10

  • Michael Hudson-doyle Loggerhead 1.17

  • Michael Hudson-doyle Loggerhead 1.18

  • Michael Hudson-doyle Loggerhead 1.6

  • Michael Hudson-doyle Loggerhead 1.6.1


References

CONFIRM - https://launchpad.net/loggerhead/1.18/1.18.1

CONFIRM - https://bugs.launchpad.net/loggerhead/+bug/740142

XF - loggerhead-filename-xss(66305)

VUPEN - ADV-2011-0849

VUPEN - ADV-2011-0848

BID - 47032

OSVDB - 71279

SECUNIA - 44017

SECUNIA - 43822

FEDORA - FEDORA-2011-4107

FEDORA - FEDORA-2011-4085

FEDORA - FEDORA-2011-4050


Last Updated: 27 May 2016 10:56:02