Security advisory SA-2009-1 - Cross site scripting vulnerability

Advisory ID: SA-2009-1
Version: < 0.6.5
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Description

The login page does not properly escape one URL parameter before output. An attacker could attempt a cross site scripting attack, which may in some cases compromise the web server.

Versions affected

  • All versions prior to 0.6.5
  • SVN versions prior to revision 161

Solution

Install the latest version:

Reported by

Zach Lanier.