Moderate severity · NVD Advisory · Published Aug 25, 2009 · Updated Jun 16, 2026
CVE-2009-2959
Description
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| buildbot (PyPI) | >= 0.7.6, < 0.7.11p3 | 0.7.11p3 |
Affected products
- cpe:2.3:a:buildbot:buildbot:0.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.10p1:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.11p1:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:buildbot:buildbot:0.7.9:*:*:*:*:*:*:*
- (no CPE) range: >=0.7.6, <=0.7.11p1
References
- buildbot.net/trac (nvd; Patch; WEB)
- sourceforge.net/mailarchive/message.php (nvd; Patch; WEB)
- www.securityfocus.com/bid/36100 (nvd; Patch)
- www.vupen.com/english/advisories/2009/2352 (nvd; Patch; Vendor Advisory)
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html (nvd; Patch; WEB)
- www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html (nvd; Patch; WEB)
- secunia.com/advisories/36352 (nvd; Vendor Advisory)
- secunia.com/advisories/36418 (nvd; Vendor Advisory)
- github.com/advisories/GHSA-jqqh-999x-w26w (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2009-2959 (ghsa; ADVISORY)
- github.com/buildbot/buildbot/commit/a08ee48e796ae66c54fca6a087b4adce7d1d6c06 (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/buildbot/PYSEC-2009-1.yaml (ghsa; WEB)
- web.archive.org/web/20101118080215/http://www.vupen.com/english/advisories/2009/2352 (ghsa; WEB)
- web.archive.org/web/20111225112636/http://secunia.com/advisories/36352 (ghsa; WEB)
- web.archive.org/web/20111225123121/http://secunia.com/advisories/36418 (ghsa; WEB)
- web.archive.org/web/20200228175025/http://www.securityfocus.com/bid/36100 (ghsa; WEB)