Computer Security
[EN] securityvulns.ru no-pyccku


Trac content displaying vulnerability
Published:12.03.2007
Source:
SecurityVulns ID:7393
Type:client
Threat Level:
5/10
Description:Content-Disposition MIME header is not defined. Crossite scripting.
Affected:EDGEWALL : Trac 0.10
CVE:CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.)
 CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod