|
|
|
| GForge Cross Site Scripting vulnerability |
| Version: |
Tested on GForge 4.5.11
|
| Discovered by: |
José Ramón Palanco: jose.palanco(at)eazel(dot)es
http://www.eazel.es |
| Description: |
GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks.
Due to improper filtering, a remote attacker can cause a cross site scripting.
To exploit any attacker may send via GET method the "words" variable to:
>"<script>alert('www.eazel.es')</script>
to http://site/search/advanced_search.php?group_id=X&search=1
where X is any active project in the gforge installation.
Timeline:
discovered: 26/10/2006
published: 5/01/2007
|
|
|
| Conozca la situación real de la seguridad de su empresa. |
|
|
| Someta a sus aplicaciones a los más exigentes test de seguridad. |
|
|
| Aprenda a proteger sus sistemas y aplicaciones informáticas. |
|
|
|
