Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-3328

Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Related bugs and status

CVE-2008-3328 (Candidate) is related to these bugs:

Bug #394290: Trac needs security fixes

		In	Importance	Status
394290	Trac needs security fixes	trac (Ubuntu)	Low	Fix Released
394290	Trac needs security fixes	trac (Ubuntu Dapper)	Low	Won't Fix
394290	Trac needs security fixes	trac (Ubuntu Hardy)	Low	Won't Fix
394290	Trac needs security fixes	trac (Ubuntu Karmic)	Low	Fix Released
394290	Trac needs security fixes	trac (Ubuntu Jaunty)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://trac.edgewall.o...
FEDORA: FEDORA-2008-6830
FEDORA: FEDORA-2008-6833
BID: 30400
SECUNIA: 31231
SECUNIA: 31314
VUPEN: ADV-2008-2223
XF: trac-wikiengine-xss(44...