{"id":"PYSEC-2009-2","details":"Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.","aliases":["CVE-2009-2967","GHSA-mj3x-wprp-mvj9"],"modified":"2024-04-01T19:56:40.739612Z","published":"2009-08-26T14:24:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/36352"},{"type":"ADVISORY","url":"http://secunia.com/advisories/36418"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/2352"},{"type":"WEB","url":"http://sourceforge.net/mailarchive/message.php?msg_name=42338fbf0908130837o86b77d6y725233076286226f%40mail.gmail.com"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00978.html"},{"type":"WEB","url":"http://buildbot.net/trac#SecurityAlert"},{"type":"WEB","url":"http://www.securityfocus.com/bid/36100"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00985.html"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/52896"}],"affected":[{"package":{"name":"buildbot","ecosystem":"PyPI","purl":"pkg:pypi/buildbot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.7.6"},{"fixed":"0.7.12"}]}],"versions":["0.7.10","0.7.11","0.7.6","0.7.7","0.7.8","0.7.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/buildbot/PYSEC-2009-2.yaml"}}],"schema_version":"1.7.3"}