Vulnerabilities

CVE-2010-2480

by Fred · 02/07/2010

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

Date published : 2010-07-02

http://www.makotemplates.org/CHANGES

http://bugs.python.org/issue9061

Similar

Tags: Cybersecurity Alert