CVE-2010-2480
Severity CVSS v4.0: Pending analysis
Type: CWE-79 Cross-Site Scripting (XSS)
Publication date: 02/07/2010
Last modified: 11/04/2025
Description
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
Impact
Base Score 2.0: 4.30
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:makotemplates:mako:*:*:*:*:*:*:*:* | | 0.3.3 (including) |
| cpe:2.3:a:makotemplates:mako:0.1.0:-:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.7:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.8:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.9:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.1.10:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.2.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.2.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:makotemplates:mako:0.2.2:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.python.org/issue9061
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://secunia.com/advisories/39935
- http://www.makotemplates.org/CHANGES



