CVE-2011-0728 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Michael Hudson-doyle	Loggerhead

Configuration 1 [-]

OR	cpe:2.3:a:michael_hudson-doyle:loggerhead::::::::
	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6:::::::*
	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6.1:::::::*
	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.10:::::::*
	cpe:2.3:a:michael_hudson-doyle:loggerhead:1.17:::::::*

No data.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html
http://secunia.com/advisories/43822
http://secunia.com/advisories/44017
http://www.osvdb.org/71279
http://www.securityfocus.com/bid/47032
http://www.vupen.com/english/advisories/2011/0848
http://www.vupen.com/english/advisories/2011/0849
https://bugs.launchpad.net/loggerhead/+bug/740142
https://exchange.xforce.ibmcloud.com/vulnerabilities/66305
https://launchpad.net/loggerhead/1.18/1.18.1

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2011-03-29T18:00:00

Updated: 2024-08-06T22:05:53.491Z

Reserved: 2011-02-01T00:00:00

Link: CVE-2011-0728

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2011-03-29T18:55:01.723

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-0728

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-24T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/loggerhead/1.18/1.18.1"}, {"name": "FEDORA-2011-4107", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/loggerhead/+bug/740142"}, {"name": "ADV-2011-0849", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0849"}, {"name": "47032", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/47032"}, {"name": "FEDORA-2011-4050", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html"}, {"name": "43822", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43822"}, {"name": "ADV-2011-0848", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0848"}, {"name": "71279", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/71279"}, {"name": "FEDORA-2011-4085", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html"}, {"name": "44017", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/44017"}, {"name": "loggerhead-filename-xss(66305)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2011-0728", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/loggerhead/1.18/1.18.1", "refsource": "CONFIRM", "url": "https://launchpad.net/loggerhead/1.18/1.18.1"}, {"name": "FEDORA-2011-4107", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html"}, {"name": "https://bugs.launchpad.net/loggerhead/+bug/740142", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/loggerhead/+bug/740142"}, {"name": "ADV-2011-0849", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0849"}, {"name": "47032", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47032"}, {"name": "FEDORA-2011-4050", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html"}, {"name": "43822", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43822"}, {"name": "ADV-2011-0848", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0848"}, {"name": "71279", "refsource": "OSVDB", "url": "http://www.osvdb.org/71279"}, {"name": "FEDORA-2011-4085", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html"}, {"name": "44017", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/44017"}, {"name": "loggerhead-filename-xss(66305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:53.491Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/loggerhead/1.18/1.18.1"}, {"name": "FEDORA-2011-4107", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/loggerhead/+bug/740142"}, {"name": "ADV-2011-0849", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0849"}, {"name": "47032", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/47032"}, {"name": "FEDORA-2011-4050", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html"}, {"name": "43822", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43822"}, {"name": "ADV-2011-0848", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0848"}, {"name": "71279", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/71279"}, {"name": "FEDORA-2011-4085", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html"}, {"name": "44017", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/44017"}, {"name": "loggerhead-filename-xss(66305)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2011-0728", "datePublished": "2011-03-29T18:00:00", "dateReserved": "2011-02-01T00:00:00", "dateUpdated": "2024-08-06T22:05:53.491Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:michael_hudson-doyle:loggerhead:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BE30B73-21B5-4BEB-8CAE-705C79BE58B3", "versionEndIncluding": "1.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "7DC2A222-BBEE-4B19-BD8C-DDE125E24A30", "vulnerable": true}, {"criteria": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0C0EC7B-7B6C-4E0D-8B8A-9B92E9156774", "vulnerable": true}, {"criteria": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "BE080462-F98E-4D57-961B-0A99FE7CB725", "vulnerable": true}, {"criteria": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.17:*:*:*:*:*:*:*", "matchCriteriaId": "6BDEFA0E-9EAF-4F93-95C2-F2CB70AE7A6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en templatefunctions.py en Loggerhead antes de v1.18.1 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML a trav\u00e9s de un nombre de fichero que no se maneja correctamente en una vista de revisi\u00f3n."}], "id": "CVE-2011-0728", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-03-29T18:55:01.723", "references": [{"source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html"}, {"source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html"}, {"source": "security@ubuntu.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43822"}, {"source": "security@ubuntu.com", "url": "http://secunia.com/advisories/44017"}, {"source": "security@ubuntu.com", "url": "http://www.osvdb.org/71279"}, {"source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/47032"}, {"source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2011/0848"}, {"source": "security@ubuntu.com", "url": "http://www.vupen.com/english/advisories/2011/0849"}, {"source": "security@ubuntu.com", "tags": ["Patch"], "url": "https://bugs.launchpad.net/loggerhead/+bug/740142"}, {"source": "security@ubuntu.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"}, {"source": "security@ubuntu.com", "tags": ["Patch"], "url": "https://launchpad.net/loggerhead/1.18/1.18.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44017"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/71279"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0849"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugs.launchpad.net/loggerhead/+bug/740142"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://launchpad.net/loggerhead/1.18/1.18.1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}