2 matches found
CVE-2009-4069
CVE-2009-4069 affects GForge, with multiple cross-site scripting (XSS) vulnerabilities reported in at least GForge 4.5.14 and 4.7.3 (and possibly other versions). Attackers can inject arbitrary web script or HTML via unspecified vectors. The Red Hat, Debian, and Ubuntu entries reiterate XSS issue...
Design/Logic Flaw
The writearrayfile function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances...