GForge Cross Site Scripting vulnerability Jan 08 2007 09:54PM
jose palanco eazel es
GForge Cross Site Scripting vulnerability
Version: Tested on GForge 4.5.11
Discovered by: José Ramón Palanco: jose.palanco(at)eazel(dot)es

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting.

To exploit any attacker may send via GET method the "words" variable to:
to http://site/search/advanced_search.php?group_id=X&search=1
where X is any active project in the gforge installation.

discovered: 26/10/2006
published: 8/01/2007

Original advisory:

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus