CVE-2007-1405

Name of the Vulnerable Software and Affected Versions Trac versions prior to 0.10.3.1

Description A cross-site scripting (XSS) issue exists in the "download wiki page as text" feature of Trac, specifically when used with Microsoft Internet Explorer. This allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Recommendations For versions prior to 0.10.3.1, update to version 0.10.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the "download wiki page as text" feature until a patch is available. Restrict access to this feature to minimize the risk of exploitation.