Moderate severity · NVD Advisory · Published Jul 2, 2010 · Updated Apr 29, 2026
CVE-2010-2480
Description
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| mako (PyPI) | < 0.3.4 | 0.3.4 |
Affected products
- cpe:2.3:a:makotemplates:mako:*:*:*:*:*:*:*:* (range: <=0.3.3)
- cpe:2.3:a:makotemplates:mako:0.1.0:-:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:makotemplates:mako:0.3.2:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- secunia.com/advisories/39935 (nvd, Vendor Advisory)
- github.com/advisories/GHSA-7q8x-38mc-p84f (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2010-2480 (ghsa, ADVISORY)
- bugs.python.org/issue9061 (nvd, WEB)
- lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html (nvd, WEB)
- www.makotemplates.org/CHANGES (nvd, WEB)
- access.redhat.com/security/cve/CVE-2010-2480 (ghsa, WEB)
- bugs.python.org/issue9061 (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/mako/PYSEC-2010-1.yaml (ghsa, WEB)
- lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html (ghsa, WEB)
- www.makotemplates.org/CHANGES (ghsa, WEB)