Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste prior to 1.7.4 allow remote malicious users to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pythonpaste paste |
||
pythonpaste paste 1.4.2 |
||
pythonpaste paste 1.4 |
||
pythonpaste paste 0.9.2 |
||
pythonpaste paste 0.9.1 |
||
pythonpaste paste 1.7.3 |
||
pythonpaste paste 1.7.2 |
||
pythonpaste paste 1.3 |
||
pythonpaste paste 1.2 |
||
pythonpaste paste 0.5 |
||
pythonpaste paste 0.4.1 |
||
pythonpaste paste 1.7.1 |
||
pythonpaste paste 1.7 |
||
pythonpaste paste 1.1.1 |
||
pythonpaste paste 1.1 |
||
pythonpaste paste 0.1.0 |
||
pythonpaste paste 0.3 |
||
pythonpaste paste 1.6 |
||
pythonpaste paste 1.5 |
||
pythonpaste paste 1.0.1 |
||
pythonpaste paste 0.9.4 |
||
pythonpaste paste 0.9.3 |