AJAX Spell Checker (ajax-spell) XSS

2005-06-17T12:04:33
ID OSVDB:17416
Type osvdb
Reporter OSVDB
Modified 2005-06-17T12:04:33

Description

Solution Description

Upgrade to version 1.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Note: This was originally patched in 1.8 but the method was not complete, allowing for script insertion still.

References:

Vendor URL: http://sourceforge.net/projects/ajax-spell/ Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=141511&release_id=335637 Secunia Advisory ID:15737 CVE-2005-2042 Bugtraq ID: 13986