GForge Cross Site Scripting vulnerability

2007.01.11
Credit: Jos Ramn Palanco
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2007-0176
CWE: CWE-79


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

GForge Cross Site Scripting vulnerability Version: Tested on GForge 4.5.11 Discovered by: Jos Ramn Palanco: jose.palanco(at)eazel(dot)es http://www.eazel.es Description: GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting. To exploit any attacker may send via GET method the "words" variable to: >"<script>alert('www.eazel.es')</script> to http://site/search/advanced_search.php?group_id=X&search=1 where X is any active project in the gforge installation. Timeline: discovered: 26/10/2006 published: 8/01/2007 Original advisory: http://www.eazel.es/advisory006-gforge-cross-site-scripting-vulnerabilit y.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top