Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2006-07-19T01:00:00
Updated: 2024-08-07T18:39:53.571Z
Reserved: 2006-07-18T00:00:00
Link: CVE-2006-3695
Vulnrichment
No data.
NVD
Status : Modified
Published: 2006-07-21T14:03:00.000
Modified: 2017-07-20T01:32:29.947
Link: CVE-2006-3695
Redhat
No data.