CVE-2005-4644: XSS
First published: Sat Dec 31 2005(Updated: )
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/trac | <0.9-stable | 0.9-stable |
| Edgewall Trac | =0.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://projects.edgewall.com/trac/ticket/2473
- http://www.securityfocus.com/bid/16198
- http://secunia.com/advisories/18465
- http://www.debian.org/security/2006/dsa-951
- http://secunia.com/advisories/18555
- http://trac.edgewall.org/ticket/2473
- http://www.vupen.com/english/advisories/2006/0226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24183
- https://nvd.nist.gov/vuln/detail/CVE-2005-4644
- https://web.archive.org/web/20140722192945/http://secunia.com/advisories/18465
- https://web.archive.org/web/20151104154255/http://secunia.com/advisories/18555
- https://web.archive.org/web/20200302063657/http://www.securityfocus.com/bid/16198
- https://github.com/advisories/GHSA-6vhp-hp77-6w52 (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2005-1.yaml
Frequently Asked Questions
What is the severity of CVE-2005-4644?
CVE-2005-4644 has a medium severity due to its potential to allow remote attackers to execute arbitrary scripts.
How do I fix CVE-2005-4644?
To fix CVE-2005-4644, upgrade Edgewall Trac to version 0.9.3 or later.
What types of attacks can CVE-2005-4644 enable?
CVE-2005-4644 can enable cross-site scripting (XSS) attacks, potentially compromising user sessions and data.
Which versions of Trac are affected by CVE-2005-4644?
CVE-2005-4644 affects Edgewall Trac version 0.9.2 and earlier.
Is there a workaround for CVE-2005-4644?
A temporary workaround for CVE-2005-4644 is to sanitize user inputs that contain IMG tags to prevent script injection.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/description
- agent/softwarecombine
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-6vhp-hp77-6w52
- alias/CVE-2005-4644
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/references
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- package-manager/pip
- vendor/edgewall software
- canonical/edgewall trac
- version/edgewall trac/0.9.2