EUVD-2007-2066

Malware in sbrugna...

open-gorotto cross-site scripting vulnerability

Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

CVE-2007-2071

Multiple cross-site scripting XSS vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 pub/modules/d/top.html; 2 /pub/modules/a/access.html;...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 pub/modules/d/top.html; 2 /pub/modules/a/access.html;...

CVE-2007-2071

Open-gorotto 2.0a (2006-02-08, 2006-03-19, 2006-04-07 editions) contains multiple cross-site scripting (XSS) vulnerabilities disclosed for several pages under pub/modules (including d/_top.html, a/_access.html, ci/, f/ directories). The flaws allow remote attackers to inject arbitrary scripts via...

CVE-2007-2071

Multiple cross-site scripting XSS vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 pub/modules/d/top.html; 2 /pub/modules/a/access.html;...

JVN#84646028 open-gorotto cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected open-gorotto 2.0a 04/07/2006 and earlier...