CVE-2007-1405: XSS
First published: Sat Mar 10 2007(Updated: )
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/trac | <0.10.3.1 | 0.10.3.1 |
| Edgewall Trac | =0.10 | |
| Edgewall Trac | =0.10.1 | |
| Edgewall Trac | =0.10.2 | |
| Edgewall Trac | =0.10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://trac.edgewall.org/wiki/ChangeLog
- http://secunia.com/advisories/24470
- http://www.securityfocus.com/bid/22888
- http://www.vupen.com/english/advisories/2007/0900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32897
- https://nvd.nist.gov/vuln/detail/CVE-2007-1405
- https://web.archive.org/web/20080801205940/http://secunia.com/advisories/24470
- https://web.archive.org/web/20200228104401/http://www.securityfocus.com/bid/22888
- https://github.com/advisories/GHSA-w7x2-57f7-3p3x (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2007-2.yaml
Frequently Asked Questions
What is the severity of CVE-2007-1405?
CVE-2007-1405 is considered a moderate severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2007-1405?
To fix CVE-2007-1405, upgrade Trac to version 0.10.3.1 or later.
Which versions of Trac are affected by CVE-2007-1405?
CVE-2007-1405 affects Trac versions 0.10, 0.10.1, 0.10.2, and 0.10.3.
Can CVE-2007-1405 be exploited remotely?
Yes, CVE-2007-1405 can be exploited remotely by attackers through web scripts or HTML injection.
What type of vulnerability is CVE-2007-1405?
CVE-2007-1405 is classified as a cross-site scripting (XSS) vulnerability.
- agent/type
- agent/weakness
- agent/remedy
- agent/description
- agent/softwarecombine
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-w7x2-57f7-3p3x
- alias/CVE-2007-1405
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/references
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-cve
- source/NVD
- package-manager/pip
- vendor/edgewall software
- canonical/edgewall trac
- version/edgewall trac/0.10
- version/edgewall trac/0.10.1
- version/edgewall trac/0.10.2
- version/edgewall trac/0.10.3