CVE-2010-2477
Last modified
CVE-2010-2477 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.. EPSS estimates a 2.29% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Pythonpaste | Paste | <= 1.7.3.1 |
| Pythonpaste | Paste | 0.1.0 |
| Pythonpaste | Paste | 0.3 |
| Pythonpaste | Paste | 0.4.1 |
| Pythonpaste | Paste | 0.5 |
| Pythonpaste | Paste | 0.9.1 |
| Pythonpaste | Paste | 0.9.2 |
| Pythonpaste | Paste | 0.9.3 |
| Pythonpaste | Paste | 0.9.4 |
| Pythonpaste | Paste | 1.0.1 |
| Pythonpaste | Paste | 1.1 |
| Pythonpaste | Paste | 1.1.1 |
| Pythonpaste | Paste | 1.2 |
| Pythonpaste | Paste | 1.3 |
| Pythonpaste | Paste | 1.4 |
| Pythonpaste | Paste | 1.4.2 |
| Pythonpaste | Paste | 1.5 |
| Pythonpaste | Paste | 1.6 |
| Pythonpaste | Paste | 1.7 |
| Pythonpaste | Paste | 1.7.1 |
| Pythonpaste | Paste | 1.7.2 |
| Pythonpaste | Paste | 1.7.3 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-2477?
How severe is CVE-2010-2477?
How do I fix CVE-2010-2477?
Are you affected by CVE-2010-2477?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST