{"id":"PYSEC-2008-5","details":"Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.","aliases":["CVE-2008-3328","GHSA-x6jf-c7wh-7m7w"],"modified":"2024-04-29T12:12:01.015136Z","published":"2008-07-27T22:41:00Z","references":[{"type":"WEB","url":"http://trac.edgewall.org/wiki/ChangeLog"},{"type":"ADVISORY","url":"http://secunia.com/advisories/31314"},{"type":"WEB","url":"http://www.securityfocus.com/bid/30400"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/31231"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/2223/references"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44016"}],"affected":[{"package":{"name":"trac","ecosystem":"PyPI","purl":"pkg:pypi/trac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10.5"}]}],"versions":["0.10","0.8.4","0.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/trac/PYSEC-2008-5.yaml"}}],"schema_version":"1.7.3"}