Lucene search
Dan RosenbergEDB-ID:33469HistoryJan 05, 2010 - 12:00 a.m.
LXR 0.9.x - Cross Referencer Multiple Cross-Site Scripting Vulnerabilities
2010-01-0500:00:00
Dan Rosenberg
www.exploit-db.com
16
source: https://www.securityfocus.com/bid/37612/info
LXR Cross Referencer is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
LXR Cross Referencer 0.9.5 and 0.9.6 are affected; other versions may also be vulnerable.
http://www.example.com/lxr/ident?i=<script>alert('XSS')</script> Related
freebsd
freebsd
lxr -- multiple XSS vulnerabilities
2010-01-05 00:00:00
cvelist
cvelist
nvd
nvd
ubuntucve
ubuntucve
prion
prion
Cross site scripting
2010-01-07 19:30:00
Cross site scripting
2010-06-24 12:30:00
Cross site scripting
2010-06-24 12:30:00
openvas
openvas
FreeBSD Ports: lxr
2010-05-14 00:00:00
FreeBSD Ports: lxr
2010-05-14 00:00:00
Debian: Security Advisory (DSA-2092-1)
2010-08-21 00:00:00
cve
cve
nessus
nessus
FreeBSD : lxr -- multiple XSS vulnerabilities (0491d15a-5875-11df-8d80-0015587e2cc1)
2010-05-07 00:00:00
Debian DSA-2092-1 : lxr-cvs - missing input sanitizing
2010-08-23 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 2092-1] New lxr-cvs packages fix cross-site scripting
2010-08-17 20:30:57