| Name | CVE-2005-4305 |
| Description | Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 344006 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| trac (PTS) | sid, trixie | 1.6-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| trac | source | sarge | (unfixed) | medium | | |
| trac | source | (unstable) | 0.9.3-1 | | | 344006 |
Notes
upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
invasive set of patches to backport. basically most instances
of input being escape()'d are no longer done so, and instead a
Markup() function replaces them, and special checks are done
on rendered HTML output to prevent XSS code from being displayed.