CVE-2005-2430 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php (3) project_task_id parameter to task.php (4) id parameter to detail.php (5) the text field on the search page (6) group_id parameter to qrs.php (7) form (8) rows (9) cols or (10) wrap parameter to notepad.php or the login field on the login form.
Reference
http://marc.info/?l=bugtraq&m=112259845904350&w=2 http://secunia.com/advisories/16253/ http://secunia.com/advisories/20622 http://www.debian.org/security/2006/dsa-1094 http://www.osvdb.org/18299 http://www.osvdb.org/18300 http://www.osvdb.org/18301 http://www.osvdb.org/18302 http://www.osvdb.org/18303 http://www.osvdb.org/18304 http://www.securityfocus.com/bid/14405 https://exchange.xforce.ibmcloud.com/vulnerabilities/21558
Share on: