CVE-2005-4644: Trac HTML WikiProcessor cross-site scripting (XSS) vulnerability

May 1, 2022 (updated November 18, 2024)

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

References

exchange.xforce.ibmcloud.com/vulnerabilities/24183
github.com/advisories/GHSA-6vhp-hp77-6w52
github.com/pypa/advisory-database/tree/main/vulns/trac/PYSEC-2005-1.yaml
nvd.nist.gov/vuln/detail/CVE-2005-4644
web.archive.org/web/20140722192945/http://secunia.com/advisories/18465
web.archive.org/web/20151104154255/http://secunia.com/advisories/18555
web.archive.org/web/20200302063657/http://www.securityfocus.com/bid/16198

Code Behaviors & Features

Detect and mitigate CVE-2005-4644 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →