J-Security Center

Title: Python Publishing Accessories Error Messages Cross-Site Scripting Vulnerability

Severity: MODERATE

Description:

Python Publishing Accessories is a library of Python modules used to build web publication systems.

A cross-site scripting vulnerability has been reported in the error messages that Python Publishing Accessories returns to a user. Because user-supplied input is not sanitized before it is echoed back, a remote attacker may be able to execute HTML or script code in a user's browser.

The software is reported to include the requested URL in the error message it returns for an invalid request, without sanitizing it first. Any HTML or script code embedded in that URL is therefore rendered by the user's browser. An attacker can construct a malicious link containing such code and induce a user to visit it; the code is then rendered in the user's browser in the security context of the affected site.

Successful exploitation may allow an attacker to steal cookie-based authentication credentials. Other attacks may also be possible.
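The pattern described above, shown in Python as an added illustration (this is not code from Python Publishing Accessories; the handler names, the page template and the sample link are assumptions). A "not found" handler that interpolates the decoded request path straight into HTML is placed beside a version that HTML-escapes it, and a small check confirms which one lets the attacker's markup through:

```python
"""Error-message XSS: vulnerable echo of the requested URL beside a hardened form.

Added example, not Python Publishing Accessories' own code. The function names,
the page template and the attacker's link are assumptions used for illustration.
"""
import html
from urllib.parse import quote, unquote, urlsplit


def requested_path(url: str) -> str:
    """Emulate a server that URL-decodes the path before building its error page.

    Percent-encoding in the link does not protect the server: the decoded
    path is what ends up in the message.
    """
    return unquote(urlsplit(url).path)


def not_found_unsafe(request_path: str) -> str:
    """Vulnerable pattern: the raw request path is interpolated into the HTML."""
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The requested URL {request_path} was not found on this server.</p>"
        "</body></html>"
    )


def not_found_safe(request_path: str) -> str:
    """Hardened pattern: escape before interpolating.

    html.escape with quote=True also converts ' and " so the value is safe
    inside attribute values as well as in text content.
    """
    escaped = html.escape(request_path, quote=True)
    return (
        "<html><body><h1>404 Not Found</h1>"
        f"<p>The requested URL {escaped} was not found on this server.</p>"
        "</body></html>"
    )


def contains_live_markup(page: str, payload: str) -> bool:
    """True if the payload's markup reached the page verbatim (i.e. will be rendered)."""
    return payload in page


# Constructed sample: a script payload and the link an attacker would hand to a victim.
# quote(..., safe="") percent-encodes every reserved character, including "/".
PAYLOAD = "<script>alert(document.cookie)</script>"
MALICIOUS_LINK = "http://example.test/no/such/page" + quote(PAYLOAD, safe="")


if __name__ == "__main__":
    path = requested_path(MALICIOUS_LINK)
    print("decoded path:", path)
    print("unsafe page renders payload:", contains_live_markup(not_found_unsafe(path), PAYLOAD))
    print("safe page renders payload:  ", contains_live_markup(not_found_safe(path), PAYLOAD))
```

The check only looks for the markup surviving verbatim; it is a regression test for this one sink, not a general XSS scanner. Escaping at the point where the value is written into HTML (rather than trying to reject "bad" URLs) is the fix that generalizes.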

This issue is reported to affect Python Publishing Accessories version 0.2.1; prior versions may be affected as well.

Affected Products:

  • Python Publishing Accessories 0.2.1

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.