Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| michael_hudson-doyle | loggerhead | 1.6 |
| michael_hudson-doyle | loggerhead | 1.10 |
| michael_hudson-doyle | loggerhead | 1.6.1 |
| michael_hudson-doyle | loggerhead | 1.17 |
| michael_hudson-doyle | loggerhead | * |