oss-sec mailing list archives
CVE Request -- Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 30 Jun 2010 18:20:18 +0200
Hi Steve, vendors, Craig Younkins reported: [1] http://bugs.python.org/issue9061 that Python Mako (of versions prior v0.3.4), a template library written in Python, improperly escaped single quotes in escape.cgi. An attacker could use this flaw to conduct cross-site scripting (XSS) attacks. References: [2] http://www.makotemplates.org/CHANGES Sample public PoC (from [1]): Proof of concept: print """<body class='%s'></body>""" % cgi.escape("' onload='alert(1);' bad='") Could you allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS) Jan Lieskovsky (Jun 30)