The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of Python: Cross Site Scripting via DocXMLRPCServer.py

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via DocXMLRPCServer.py of Python, in order to run JavaScript code in the context of the web site.
Severity of this bulletin: 2/4.
Creation date: 30/09/2019.
References of this threat: 1102875, CVE-2019-16935, openSUSE-SU-2019:2389-1, openSUSE-SU-2019:2393-1, openSUSE-SU-2019:2438-1, openSUSE-SU-2019:2453-1, SUSE-SU-2019:2748-1, SUSE-SU-2019:2748-2, USN-4151-1, USN-4151-2, VIGILANCE-VUL-30477.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via DocXMLRPCServer.py of Python, in order to run JavaScript code in the context of the web site.

This threat impacts software or systems such as IBM i, openSUSE Leap, Python, SUSE Linux Enterprise Desktop, SLES, Ubuntu.

Our Vigil@nce team determined that the severity of this computer threat is medium.

The trust level is "confirmed by the editor", and the origin of the information is a document.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Python: patch for DocXMLRPCServer.py.
A patch is indicated in information sources.

IBM i: solution for Python.
The solution is indicated in information sources.

openSUSE Leap 15.0: new python3 packages.
New packages are available:
  openSUSE Leap 15.0: python3 3.6.9-lp150.2.14.1

openSUSE Leap 15.1: new python3 packages.
New packages are available:
  openSUSE Leap 15.1: python3 3.6.9-lp151.6.4.1

openSUSE Leap 15: new python packages.
New packages are available:
  openSUSE Leap 15.0: python 2.7.14-lp150.6.21.1
  openSUSE Leap 15.1: python 2.7.14-lp151.10.10.1

SUSE LE 12 SP4: new python packages.
New packages are available:
  SUSE LE 12 SP4: python 2.7.13-28.36.1

SUSE LE 12 SP5: new python packages.
New packages are available:
  SUSE LE 12 SP5: python 2.7.13-28.36.1

Ubuntu: new python packages.
New packages are available:
  Ubuntu 19.04: python2.7 2.7.16-2ubuntu0.2, python3.7 3.7.3-2ubuntu0.2
  Ubuntu 18.04 LTS: python2.7 2.7.15-4ubuntu4~18.04.2, python3.6 3.6.8-1~18.04.3
  Ubuntu 16.04 LTS: python2.7 2.7.12-1ubuntu0~16.04.9, python3.5 3.5.2-2ubuntu0~16.04.9
  Ubuntu 14.04 ESM: python2.7 2.7.6-8ubuntu0.6+esm3, python3.4 3.4.3-1ubuntu1~14.04.7+esm4
  Ubuntu 12.04 ESM: python2.7 2.7.3-0ubuntu3.15