Updated: 2026-01-19 04:04:21.295909
Description:
The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 6.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| Ubuntu 16.04 | python | 3.6 | 6.1 | MEDIUM | Already Fixed | 2025-08-15 00:40:07 | ||
| Ubuntu 18.04 | python | 2.7 | 6.1 | MEDIUM | Already Fixed | 2025-09-09 19:33:27 | ||
| Ubuntu 18.04 | python | 3.6 | 6.1 | MEDIUM | Already Fixed | 2025-08-15 00:40:05 | ||
| Ubuntu 20.04 | python | 2.7 | 6.1 | MEDIUM | Already Fixed | 2025-09-09 19:33:27 | ||
| Ubuntu 20.04 | python | 3.6 | 6.1 | MEDIUM | Already Fixed | 2025-08-15 00:40:02 | ||
| Ubuntu 22.04 | python | 2.7 | 6.1 | MEDIUM | Already Fixed | 2025-09-09 19:33:26 | ||
| Ubuntu 22.04 | python | 3.6 | 6.1 | MEDIUM | Already Fixed | 2025-08-15 00:40:08 | ||
| Ubuntu 24.04 | python | 2.7 | 6.1 | MEDIUM | Already Fixed | 2025-09-09 19:33:25 | ||
| Ubuntu 24.04 | python | 3.6 | 6.1 | MEDIUM | Already Fixed | 2025-08-15 00:40:04 |