2 matches found
Deserialization of untrusted data
index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action...
CVE-2006-2892
CVE-2006-2892 is an XSS vulnerability in GANTTy 1.0.3, where the index.php login action accepts a message parameter that can be exploited to inject arbitrary HTML/JavaScript. The entry lists a CVSS v2 base score of 4.3 (Medium) with network attack vector, no confidentiality/availability impact, p...