Security advisory SA-2009-1 - Cross site scripting vulnerability - version 0.6.5 released
- Advisory ID: SA-2009-1
- Version: All versions prior to 0.6.5
- Date: 2009-08-25
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Cross Site Scripting
Description
The login page does not properly escape one URL parameter before output. An attacker could attempt a cross site scripting attack, which may in some cases compromise the web server.
Versions affected
- All versions prior to 0.6.5
- SVN versions prior to revision 161
Solution
Install the latest version:
- Upgrade to version 0.6.5