4 matches found
[SECURITY] [DSA 1937-1] New gforge packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1937-1 [email protected] http://www.debian.org/security/ Steffen Joeris November 21, 2009 http://www.debian.org/security/faq -...
CVE-2009-3303
Cross-site scripting XSS vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter...
CVE-2009-3303
Cross-site scripting XSS vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter...
CVE-2009-3303
CVE-2009-3303 affects GForge and its help/tracker.php script. Versions 4.5.14, 4.7 rc2, and 4.8.1 are vulnerable to a cross-site scripting (XSS) flaw via the helpname parameter due to insufficient input sanitising. The issue allows remote attackers to inject arbitrary HTML/script content into a u...