CVE-2008-6645 Information

Description

Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER [‘HTTP_USER_AGENT’]) which is not properly handled when displaying log files.

Reference

http://osvdb.org/51439 http://www.securityfocus.com/archive/1/492876/100/0/threaded http://www.securityfocus.com/archive/1/492879/100/0/threaded