Computer Security

Trac content displaying vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Trac content displaying vulnerability
Published:12.03.2007
Source:CVE
SecurityVulns ID:7393
Type:client
Level:5/10
Description:Content-Disposition MIME header is not defined. Crossite scripting.
Affected:EDGEWALL : Trac 0.10
CVE:CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.)
 CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru