FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

lxr -- multiple XSS vulnerabilities

Affected packages
lxr <= 0.9.6

Details

VuXML ID 0491d15a-5875-11df-8d80-0015587e2cc1
Discovery 2010-01-05
Entry 2010-05-05

Dan Rosenberg reports:

There are several cross-site scripting vulnerabilities in LXR. These vulnerabilities could allow an attacker to execute scripts in a user's browser, steal cookies associated with vulnerable domains, redirect the user to malicious websites, etc.

References

CVE Name CVE-2009-4497
FreeBSD PR ports/146337
URL http://secunia.com/advisories/38117
URL http://sourceforge.net/mailarchive/message.php?msg_name=E1NS2s4-0001PE-F2%403bkjzd1.ch3.sourceforge.com