2 matches found
CVE-2009-0417
Cross-site scripting XSS vulnerability in the AgaviWebRouting::gennull method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not...
CVE-2009-0417
The CVE-2009-0417 issue is an XSS vulnerability in AgaviWebRouting::gen(null) affecting Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8. It allows remote attackers to inject arbitrary script/HTML via a crafted URL that bypasses RFC 3986 handling in some browsers (e.g., IE6/IE7). The descript...