Buscar
Archivos
«
»

GForge Cross Site Scripting vulnerability

26 de Octubre de 2006 | Autor: admin
Version: Tested on GForge 4.5.11
Discovered by: José Ramón Palanco: jose.palanco(at)eazel(dot)es

http://www.eazel.es
Description: GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting.

To exploit any attacker may send via GET method the “words” variable to:
>”<script>alert(‘www.eazel.es’)</script>
to http://site/search/advanced_search.php?group_id=X&search=1
where X is any active project in the gforge installation.
Timeline:
discovered: 26/10/2006
published: 5/01/2007

keywords: advisory006-gforge-cross-site-scripting-vulnerability.html
Publicado en Security Advisories | Etiquetas: ,

Deja un comentario

Categorías
Bookmarks

Contact Us | Terms of Use | Trademarks | Privacy Statement
Copyright © 2009 eazel. All Rights Reserved.

Powered by WordPress and WordPress Theme created with Artisteer.