Vulnerability Description
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Michael Hudson-Doyle | Loggerhead | <= 1.18 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html
- http://secunia.com/advisories/43822Vendor Advisory
- http://secunia.com/advisories/44017
- http://www.osvdb.org/71279
- http://www.securityfocus.com/bid/47032
- http://www.vupen.com/english/advisories/2011/0848
- http://www.vupen.com/english/advisories/2011/0849
- https://bugs.launchpad.net/loggerhead/+bug/740142Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66305
- https://launchpad.net/loggerhead/1.18/1.18.1Patch
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html
FAQ
What is CVE-2011-0728?
CVE-2011-0728 is a vulnerability with a CVSS score of 3.5 (LOW). Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not prope...
How severe is CVE-2011-0728?
CVE-2011-0728 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0728?
Check the references section above for vendor advisories and patch information. Affected products include: Michael Hudson-Doyle Loggerhead.