• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Anthill Cross-Agent Scripting Vulnerability

Anthill is a PHP based bug tracking system.

Anthill version 0.1.6.1 (and prior) fails to sanitize user input, allowing HTML and script code to be entered by users into the bug tracking system. This code is then interpreted by other users' browsers when they view the affected pages.

Because AntHill uses cookies to authenticate users, this could be used by a malicious user to steal login information from other users.