Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-07-02T19:00:00Z
Updated: 2024-09-17T01:11:36.064Z
Reserved: 2010-07-02T00:00:00Z
Link: CVE-2009-4924
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-07-02T19:30:00.863
Modified: 2024-11-21T01:10:47.210
Link: CVE-2009-4924
Redhat
No data.