Edgewall · Edgewall Trac · CVE-2005-4305
**Name of the Vulnerable Software and Affected Versions**
Edgewall Trac versions 0.9 through 0.9.2
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page. This is due to a cross-site scripting (XSS) vulnerability.
**Recommendations**
For Edgewall Trac versions 0.9 through 0.9.2, update to a version that properly sanitizes URLs to prevent arbitrary web script or HTML injection.