2 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 categorydescription parameter to user/main/updatecategory, which is not properly handled by app/views/categories/index.html.erb; an...
DiamondList 0.1.6 - Cross-Site Request Forgery
Vulnerability ID: HTB22517 Reference: http://www.htbridge.ch/advisory/xsrfcsrfindiamondlist.html Product: DiamondList Vendor: Hulihan Applications http://hulihanapplications.com/projects/diamondlist Vulnerable Version: 0.1.6 and Probably Prior Versions Vendor Notification: 22 July 2010...