MySQL Eventum Multiple Input Validation Vulnerabilities
MySQL Eventum is a Web-based software bug-tracking application, implemented in PHP with a MySQL database back end. It is freely available for Unix, Apple Mac OS X and other Unix variants, and Microsoft Windows.
Multiple input validation vulnerabilities reportedly affect MySQL Eventum. These issues are due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic Web page content.
The issues specifically reported are cross-site scripting and HTML injection vulnerabilities, together with a default, undocumented administrator account.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate theft of cookie-based authentication credentials as well as other attacks.
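The root cause described above, user-supplied issue fields written into page content without encoding, is shown here as an added PHP example beside the hardened form; this is illustrative code, not Eventum's own, and the `renderIssueUnsafe`, `renderIssueSafe`, `h` names and the sample issue are constructed for the example.

```php
<?php
// Added example (not Eventum code): a bug report's user-controlled fields
// rendered into HTML, first the vulnerable way, then with output encoding.

// Constructed sample of an issue as it might arrive from a submitted form.
$issue = [
    'summary'     => 'Crash on save <script>alert("xss")</script>',
    'description' => 'Steps: click "Save" & watch <b>boom</b>',
];

// Vulnerable pattern: raw input interpolated into dynamic page content,
// so any markup or script in the field becomes part of the page.
function renderIssueUnsafe(array $issue): string
{
    return "<h2>{$issue['summary']}</h2>\n<p>{$issue['description']}</p>";
}

// Hypothetical helper: encode a value for the HTML element-body/attribute
// context. ENT_QUOTES covers both quote styles so attribute breakouts fail;
// ENT_SUBSTITUTE avoids returning '' on malformed UTF-8 instead of failing open.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every untrusted value passes through the encoder at the
// point where it is written into HTML. Other contexts (JavaScript strings,
// URLs, CSS) need their own encoders; this one is only for HTML markup.
function renderIssueSafe(array $issue): string
{
    return "<h2>" . h($issue['summary']) . "</h2>\n"
         . "<p>" . h($issue['description']) . "</p>";
}

// Self-check: the injected tag survives in the unsafe output and is
// neutralised (rendered as text) in the hardened output.
$unsafe = renderIssueUnsafe($issue);
$safe   = renderIssueSafe($issue);
if (strpos($unsafe, '<script>') === false) {
    throw new RuntimeException('unsafe renderer unexpectedly altered input');
}
if (strpos($safe, '<script>') !== false || strpos($safe, '&lt;script&gt;') === false) {
    throw new RuntimeException('encoder failed to neutralise markup');
}
echo $safe, PHP_EOL;
```

Running the script prints the encoded issue; a quick way to review an application such as this one for the reported class of bug is to grep its templates for `echo`/interpolation of request-derived values that never pass through an encoder like `h()`.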