Summary
This host is installed with Mako and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application.
Solution
Upgrade to Mako version 0.3.4 or later,
For updates refer to http://www.makotemplates.org/download.html
Insight
The flaw exists due to an error in 'cgi.escape()' function which does not properly filter single quotes.
Affected
Mako version before 0.3.4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2010-2480 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
- Apple Safari Webkit Multiple Vulnerabilities - May13 (Mac OS X)
- Apple iTunes Tutorials Window Security Bypass Vulnerability (Windows)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)