Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities
Author: Stan Bubrouski Date: 19 August 2002 Product: Bonsai Versions Affected: AllCurrent and CVS all vulnerable Severity: Cross Site Scripting is possible in several places due to a lack of stripping of tags from input. Some error messages also contain CSS and reveal the physical path of the...