CVE-2009-4924

Name of the Vulnerable Software and Affected Versions python-cjson version 1.0.5

Description The issue arises from improper handling of a ['/'] argument to cjson.encode, facilitating certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element. This can be exploited by remote attackers.

Recommendations For python-cjson version 1.0.5, consider avoiding the use of the cjson.encode function with a ['/'] argument until a proper fix is available. As a temporary workaround, restrict the input to cjson.encode to prevent the ['/'] argument from being passed, minimizing the risk of XSS attacks.