{"id":"CVE-2010-2480","details":"Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.","aliases":["GHSA-7q8x-38mc-p84f","PYSEC-2010-1"],"modified":"2026-04-10T03:41:19.191915Z","published":"2010-07-02T19:00:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/39935"},{"type":"WEB","url":"http://bugs.python.org/issue9061"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"},{"type":"WEB","url":"http://www.makotemplates.org/CHANGES"}],"schema_version":"1.7.5"}