{"id":"CVE-2011-0728","details":"Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.","aliases":["GHSA-qjmg-77xh-7mjw"],"modified":"2026-04-10T03:41:39.047168Z","published":"2011-03-29T18:55:01Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/43822"},{"type":"ADVISORY","url":"http://secunia.com/advisories/44017"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0848"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2011/0849"},{"type":"FIX","url":"https://bugs.launchpad.net/loggerhead/+bug/740142"},{"type":"FIX","url":"https://launchpad.net/loggerhead/1.18/1.18.1"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057413.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057479.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057502.html"},{"type":"WEB","url":"http://www.osvdb.org/71279"},{"type":"WEB","url":"http://www.securityfocus.com/bid/47032"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"}],"schema_version":"1.7.5"}