FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

torrentflux -- User-Agent XSS Vulnerability

Affected packages
0 <= torrentflux

Details

VuXML ID 72f21372-55e4-11db-a5ae-00508d6a62df
Discovery 2006-09-30
Entry 2006-10-07
Modified 2006-10-15

Steven Roddis reports that the User-Agent string is not properly escaped when handled by torrentflux. This allows for arbitrary code insertion.

References

Bugtraq ID 20371
CVE Name CVE-2006-5227
URL http://secunia.com/advisories/22293/
URL http://www.stevenroddis.com.au/2006/10/06/torrentflux-user-agent-xss-vulnerability/