oss-sec mailing list archives

Re: CVE Request -- Python-Mako (prior v0.3.4): Improper escaping of single quotes in escape.cgi (XSS)


From: Josh Bressers <bressers () redhat com>
Date: Wed, 30 Jun 2010 15:28:48 -0400 (EDT)

Please use CVE-2010-2480

Thanks.

-- 
    JB


----- "Jan Lieskovsky" <jlieskov () redhat com> wrote:

Hi Steve, vendors,

   Craig Younkins reported:
     [1] http://bugs.python.org/issue9061

   that Python Mako (versions prior to v0.3.4), a template library written
   in Python, improperly escaped single quotes in escape.cgi. An attacker
   could use this flaw to conduct cross-site scripting (XSS) attacks.

   References:
     [2] http://www.makotemplates.org/CHANGES

Sample public PoC (from [1]):

   Proof of concept:
   print """<body class='%s'></body>""" % cgi.escape("' onload='alert(1);' bad='")

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
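
Added example, not part of the original messages: the PoC template and value quoted above, rendered once with an escaper that leaves single quotes alone and once with Python 3's html.escape(), then parsed to show which attributes end up on the <body> tag. legacy_escape() is a hypothetical stand-in written for this example to mirror the old cgi.escape() behaviour (that function is no longer in current Python); AttrCollector, body_attributes() and compare() are likewise names made up here.

```python
import html
from html.parser import HTMLParser

# Template and value are the ones in the PoC quoted above.
TEMPLATE = "<body class='%s'></body>"
POC_VALUE = "' onload='alert(1);' bad='"


def legacy_escape(s, quote=False):
    """Stand-in for the old cgi.escape() (removed in Python 3.8).

    Escapes &, <, > and, with quote=True, the double quote.
    The single quote is never touched.
    """
    s = s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    if quote:
        s = s.replace('"', "&quot;")
    return s


class AttrCollector(HTMLParser):
    """Records the attributes an HTML parser sees on the <body> start tag."""

    def __init__(self):
        super().__init__()
        self.body_attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "body" and self.body_attrs is None:
            self.body_attrs = dict(attrs)


def body_attributes(escape_fn, value=POC_VALUE):
    """Render TEMPLATE with escape_fn(value) and return the parsed attributes."""
    parser = AttrCollector()
    parser.feed(TEMPLATE % escape_fn(value))
    parser.close()
    return parser.body_attrs


def compare():
    """Attributes on <body> for each escaper, keyed by escaper name."""
    return {
        "legacy": body_attributes(lambda s: legacy_escape(s, quote=True)),
        "html.escape": body_attributes(html.escape),
    }


if __name__ == "__main__":
    for name, attrs in compare().items():
        print(name, "->", attrs)
```

With the legacy escaper the value closes the single-quoted class attribute and the parser reports separate onload and bad attributes; with html.escape() the whole value stays inside class.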

