Veridis OpenKeyServer Cross Site Scripting Vulnerability

Veridis OpenKeyServer Cross Site Scripting Vulnerability

Veridis OpenKeyServer is a public key repository for PGP based encryption. It supports a web interface for clients and synchronization with other key servers. It is available for Linux, FreeBSD, Solaris and Mac OS X.

A vulnerablity has been reported in the web interface used by OpenKeyServer. Certain pages are constructed which include user supplied data, opening a cross site scripting vulnerability.