3 matches found
Debian DSA-1475-1 : gforge - missing input sanitising
Jose Ramon Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
[SECURITY] [DSA 1475-1] new gforge packages fix cross site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-1475-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 26, 2008 http://www.debian.org/security/faq -...
CVE-2007-0176
GForge contains a cross-site scripting (XSS) vulnerability in search/advanced_search.php (words parameter) affecting version 4.5.11 (and related builds). The flaw allows remote injection of arbitrary scripts/HTML in the context of a logged-in user. Debian DSAs note a fix in 4.5.14 (and related up...