CVE-2009-0359 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

Reference

http://osvdb.org/52022 http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch http://www.mail-archive.com/debian-testing-security-announce@lists.debian.org/msg00171.html http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html http://www.securityfocus.com/archive/1/500961/100/0/threaded http://www.securityfocus.com/bid/33768