Abe (aka bitcoin-abe) up to and including 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bitcoin-abe project bitcoin-abe |
||
bitcoin-abe project bitcoin-abe 0.8 |