Executive Summary

Summary
Title new gforge packages fix cross site scripting
Informations
Name DSA-1475 First vendor Publication 2008-01-26
Vendor Debian Last vendor Modification 2008-01-26
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

José Ramón Palanco discovered th a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch5.

The old stable distribution (sarge) is not affected by this problem.

For the unstable distribution (sid) this problem has been fixed in version 4.6.99+svn6347-1.

We recommend that you upgrade your gforge package.

Original Source

Url : http://www.debian.org/security/2008/dsa-1475

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18345
 
Oval ID: oval:org.mitre.oval:def:18345
Title: DSA-1475-1 gforge - cross site scripting
Description: José Ramón Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.
Family: unix Class: patch
Reference(s): DSA-1475-1
CVE-2007-0176
 Version: 7
Platform(s): Debian GNU/Linux 4.0
 Product(s): gforge
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7846
 
Oval ID: oval:org.mitre.oval:def:7846
Title: DSA-1475 gforge -- missing input sanitising
Description: Joseacute Ramoacuten Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. The old stable distribution (sarge) is not affected by this problem.
Family: unix Class: patch
Reference(s): DSA-1475
CVE-2007-0176
 Version: 3
Platform(s): Debian GNU/Linux 4.0
 Product(s): gforge
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2008-01-31 Name : Debian Security Advisory DSA 1475-1 (gforge)
File : nvt/deb_1475_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
31248 GForge advanced_search.php words Parameter XSS

Nessus® Vulnerability Scanner

Date Description
2008-01-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1475.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:27:16
  • Multiple Updates