CVE-2009-1845 Information

Description

Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.

Reference

http://gsasec.blogspot.com/2009/05/vanilla-v117-cross-site-scripting.html http://lussumo.com/community/discussion/9524/vanilla-118-released/Item_0 http://secunia.com/advisories/35234 http://www.securityfocus.com/archive/1/503847/100/0/threaded