PYSEC-2017-17

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/kallithea/PYSEC-2017-17.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2017-17

Aliases

CVE-2015-1864
GHSA-fh5c-7gmg-xmp6

Published

2017-09-19T15:29:00Z

Modified

2024-04-29T16:26:54.595949Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.

References

https://kallithea-scm.org/security/cve-2015-1864.html
https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55
http://www.securityfocus.com/bid/74184
http://www.openwall.com/lists/oss-security/2015/04/14/12

Affected packages

PyPI / kallithea

Package

Name: kallithea; View open source insights on deps.dev
Purl: pkg:pypi/kallithea

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.1

Affected versions

0.*

0.0

0.1

0.2