Candidate: CVE-2011-0728
PublicDate: 2011-03-29 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0728
Description:
 Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
Ubuntu-Description:
Notes:
 sbeattie> XSS from crafted branch contents
Bugs:
 https://bugs.launchpad.net/loggerhead/+bug/740142
Priority: untriaged
Discovered-by:
Assigned-to: sbeattie
CVSS:

Patches_loggerhead:
upstream_loggerhead: released (1.8.1)
dapper_loggerhead: DNE
hardy_loggerhead: DNE
karmic_loggerhead: released (1.17-0ubuntu1.1)
lucid_loggerhead: released (1.17+bzr400-1ubuntu0.1)
maverick_loggerhead: released (1.17+bzr424-1ubuntu1.1)
devel_loggerhead: not-affected (1.18.1-1)