CVE-2008-3328
Published 2008-07-27
CVE-2008-3328: Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown…
Priority: P417 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.33% (67.6th percentile)
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | trac | < trac 0.11-1 (sid) | trac 0.11-1 (sid) |
| edgewall_software | trac | <= 0.10.4 | — |
| edgewall_software | trac | — | — |
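CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |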
OSV
Trac Cross-site Scripting (XSS) vulnerability
osv·2022-05-01
CVE-2008-3328 [MEDIUM] Trac Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
GHSA
Trac Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-01
CVE-2008-3328 [MEDIUM] CWE-79 Trac Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
OSV
CVE-2008-3328: Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0
osv·2008-07-27·CVSS 4.3
CVE-2008-3328 [MEDIUM] CVE-2008-3328: Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Red Hat
trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328)
vendor_redhat·2008-06-13·CVSS 6.1
CVE-2008-3328 [MEDIUM] trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328)
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Debian
CVE-2008-3328: trac - Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10....
vendor_debian·2008·CVSS 4.3
CVE-2008-3328 [MEDIUM] CVE-2008-3328: trac - Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10....
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Scope: local
sid: resolved (fixed in 0.11-1)
trixie: resolved (fixed in 0.11-1)
No detection rules found.
No public exploits indexed.
Bugzilla
trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328) [fedora-epel4]
bugzilla·2010-12-23·CVSS 6.1
CVE-2008-2951 [MEDIUM] trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328) [fedora-epel4]
+++ This bug was initially created as a clone of Bug #456874 +++
Upstream trac 0.10.5 fixes two non-critical security issues:
http://trac.edgewall.org/wiki/ChangeLog#a0.10.5
CVE-2008-2951:
Open redirect vulnerability in the search script in Trac before 0.10.5
allows remote attackers to redirect users to arbitrary web sites and
conduct phishing attacks via a URL in the q parameter.
References:
http://holisticinfosec.org/content/view/72/45/
http://www.osvdb.org/46513
Upstream patch:
http://trac.edgewall.org/changeset/7224/branches/0.10-stable
CVE-2008-3328:
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac
before 0.10.5 allows remote attackers to inject arbitrary web script
or HTM
Bugzilla
trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328)
bugzilla·2008-07-28·CVSS 6.1
CVE-2008-2951 [MEDIUM] trac: multiple security fixes in 0.10.5 (CVE-2008-2951, CVE-2008-3328)
Upstream trac 0.10.5 fixes two non-critical security issues:
http://trac.edgewall.org/wiki/ChangeLog#a0.10.5
CVE-2008-2951:
Open redirect vulnerability in the search script in Trac before 0.10.5
allows remote attackers to redirect users to arbitrary web sites and
conduct phishing attacks via a URL in the q parameter.
References:
http://holisticinfosec.org/content/view/72/45/
http://www.osvdb.org/46513
Upstream patch:
http://trac.edgewall.org/changeset/7224/branches/0.10-stable
CVE-2008-3328:
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac
before 0.10.5 allows remote attackers to inject arbitrary web script
or HTML via unknown vectors.
Upstream patch:
http://trac.edgewall.org/changeset/7207/b
References
http://secunia.com/advisories/31231
http://secunia.com/advisories/31314
http://trac.edgewall.org/wiki/ChangeLog
http://www.securityfocus.com/bid/30400
http://www.vupen.com/english/advisories/2008/2223/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/44016
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
Published: 2008-07-27