GForge task.php project_task_id Variable XSS

2005-07-28T06:26:51
ID OSVDB:18300
Type osvdb
Reporter Joxean Koret(joxeankoret@yahoo.es)
Modified 2005-07-28T06:26:51

Description

Vulnerability Description

GForge contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "project_task_id" variable upon submission to the "task.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

GForge contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "project_task_id" variable upon submission to the "task.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[target]/pm/task.php?func=detailtask&project_task_id="><h1>hi!</h1>&group_id=1&group_project_id=3

References:

Vendor URL: http://gforge.org/ Secunia Advisory ID:20622 Secunia Advisory ID:16253 Related OSVDB ID: 18303 Related OSVDB ID: 18301 Related OSVDB ID: 18299 Related OSVDB ID: 18302 Related OSVDB ID: 18304 Other Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00180.html Nessus Plugin ID:19314 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0498.html CVE-2005-2430 Bugtraq ID: 14405