CVE-2011-0728

Name of the Vulnerable Software and Affected Versions Loggerhead versions prior to 1.18.1

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. This is due to a cross-site scripting (XSS) vulnerability in the templatefunctions.py file.

Recommendations For versions prior to 1.18.1, update to version 1.18.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the revision view to minimize the risk of exploitation.