Info2www Cross-Site Scripting Vulnerability
BID:13252
Info
Info2www Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13252 |
| Class: | Input Validation Error |
| CVE: |
CVE-2004-1341 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 19 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovered by Nicolas Gregoire. |
| Vulnerable: |
Roar Smith info2www 1.2.2 .9 |
| Not Vulnerable: | |
Discussion
Info2www Cross-Site Scripting Vulnerability
Info2www is prone to a cross-site scripting vulnerability. This could allow an attacker to place a link that appears safe on a Web page but that will in fact cause script code to be executed in a user's browser.
Info2www is prone to a cross-site scripting vulnerability. This could allow an attacker to place a link that appears safe on a Web page but that will in fact cause script code to be executed in a user's browser.
Exploit / POC
Info2www Cross-Site Scripting Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Info2www Cross-Site Scripting Vulnerability
Solution:
Debian has released advisory DSA 711-1 and fixes to address this issue:
Roar Smith info2www 1.2.2 .9
Solution:
Debian has released advisory DSA 711-1 and fixes to address this issue:
Roar Smith info2www 1.2.2 .9
-
Debian info2www_1.2.2.9-20woody1.diff.gz
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2 .9-20woody1.diff.gz -
Debian info2www_1.2.2.9-20woody1.dsc
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2 .9-20woody1.dsc -
Debian info2www_1.2.2.9-20woody1_all.deb
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2 .9-20woody1_all.deb -
Debian info2www_1.2.2.9.orig.tar.gz
http://security.debian.org/pool/updates/main/i/info2www/info2www_1.2.2 .9.orig.tar.gz
References
Info2www Cross-Site Scripting Vulnerability
References:
References: