ProjectForum 18.104.22.16838 and possibly previous versions are vulnerable to cross-site scripting (XSS).
An attacker with access to the ProjectForum wiki can conduct a cross-site scripting attack, which could result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem.
As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent XSS or CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing a ProjectForum wiki using stolen credentials from a blocked network location.
Updated: September 20, 2011
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector
Base | |
Temporal | |
Environmental | |
Thanks to Paul Davis for reporting this vulnerability.
This document was written by Michael Orlando.
CVE IDs: | None
Severity Metric: | 0.03
Date Public: | 2011-09-30
Date First Published: | 2011-09-30
Date Last Updated: | 2011-09-30 11:58 UTC
Document Revision: | 10