FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2430

This CVE name corresponds to:

Entered Topic
2005-08-09 gforge -- XSS and email flood vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-2430
Phase Assigned(20050803)

Description

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.

References

Source Reference
BUGTRAQ 20050727 Cross Site Scripting vulnerabilities in GForge
DEBIAN DSA-1094
BID 14405
OSVDB 18299
OSVDB 18300
OSVDB 18301
OSVDB 18302
OSVDB 18303
OSVDB 18304
SECUNIA 16253
SECUNIA 20622
XF gforge-multiple-xss(21558)