PublicDateAtUSN: 2010-07-02
Candidate: CVE-2010-2480
PublicDate: 2010-07-02 19:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2480
 https://ubuntu.com/security/notices/USN-996-1
Description:
 Mako before 0.3.4 relies on the cgi.escape function in the Python standard
 library for cross-site scripting (XSS) protection, which makes it easier
 for remote attackers to conduct XSS attacks via vectors involving
 single-quote characters and a JavaScript onLoad event handler for a BODY
 element.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.python.org/issue9061
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mako:
upstream_mako: released (0.3.4)
dapper_mako: DNE
hardy_mako: ignored (reached end-of-life)
jaunty_mako: ignored (reached end-of-life)
karmic_mako: ignored (reached end-of-life)
lucid_mako: released (0.2.5-2ubuntu1.3)
maverick_mako: not-affected (0.3.4-2)
natty_mako: not-affected (0.3.4-2)
oneiric_mako: not-affected (0.3.4-2)
devel_mako: not-affected (0.3.4-2)