CVE-2009-1845

CVE-2009-1845 describes a cross-site scripting (XSS) vulnerability in Lussumo Vanilla specifically in ajax/updatecheck.php, affecting Vanilla 1.1.5 and 1.1.7. The underlying issue is that the RequestName parameter can be exploited to inject arbitrary web script or HTML. Connected sources (OpenVAS...

Vanilla 1.1.7 Cross Site Scripting

Author: Gerendi Sandor Attila Original advisory: http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html Date: May 14, 2009 Package: Vanilla 1.1.7 Product Homepage: http://getvanilla.com/ Versions Affected: v.1.1.7, 1.1.5 Other versions may also be affected Severity: Medium Inpu...