Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02dmhwLWhwNzctNnc1Ms16SQ
Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
Permalink: https://github.com/advisories/GHSA-6vhp-hp77-6w52JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02dmhwLWhwNzctNnc1Ms16SQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 19 days ago
Identifiers: GHSA-6vhp-hp77-6w52, CVE-2005-4644
References:
- https://nvd.nist.gov/vuln/detail/CVE-2005-4644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24183
- http://projects.edgewall.com/trac/ticket/2473
- http://trac.edgewall.org/ticket/2473
- http://www.debian.org/security/2006/dsa-951
- https://web.archive.org/web/20140722192945/http://secunia.com/advisories/18465
- https://web.archive.org/web/20151104154255/http://secunia.com/advisories/18555
- https://web.archive.org/web/20200302063657/http://www.securityfocus.com/bid/16198
- https://github.com/advisories/GHSA-6vhp-hp77-6w52
Affected Packages
pypi:trac
Dependent packages: 1Dependent repositories: 27
Downloads: 3,415 last month
Affected Version Ranges: < 0.9-stable
Fixed in: 0.9-stable
All affected versions:
All unaffected versions: 0.8.4, 0.11.1, 0.11.2, 0.11.3, 0.11.4, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.7, 1.0.8, 1.0.9, 1.0.10, 1.0.11, 1.0.12, 1.0.13, 1.0.14, 1.0.15, 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.4.1, 1.4.2, 1.4.3, 1.4.4