GForge Advanced_Search.PHP Cross Site Scripting Vulnerability

Bugtraq ID:	21946
Class:	Input Validation Error
CVE:	CVE-2007-0176
Remote:	Yes
Local:	No
Published:	Jan 08 2007 12:00AM
Updated:	Jan 28 2008 04:27PM
Credit:	Jose Ramen Palanco is credited with the discovery of this vulnerability.
Vulnerable:	GForge GForge 4.5.19 GForge GForge 4.5.18 GForge GForge 4.5.16 GForge GForge 4.5.14 + Debian Linux 4.0 sparc + Debian Linux 4.0 s/390 + Debian Linux 4.0 powerpc + Debian Linux 4.0 mipsel + Debian Linux 4.0 mips + Debian Linux 4.0 m68k + Debian Linux 4.0 ia-64 + Debian Linux 4.0 ia-32 + Debian Linux 4.0 hppa + Debian Linux 4.0 arm + Debian Linux 4.0 amd64 + Debian Linux 4.0 alpha + Debian Linux 4.0 GForge GForge 4.5.11 GForge GForge 4.6 b3 GForge GForge 4.6 b2 GForge GForge 4.6 b1
Not Vulnerable:

GForge Advanced_Search.PHP Cross Site Scripting Vulnerability

GForge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

GForge Advanced_Search.PHP Cross Site Scripting Vulnerability

An attacker can exploit this issue by enticing an unsuspecting vicitim to follow a malicious URI.

GForge Advanced_Search.PHP Cross Site Scripting Vulnerability

Solution:
Please see the references for more information.

GForge Advanced_Search.PHP Cross Site Scripting Vulnerability

References:

• GForge Homepage (GForge)
  
• GForge Cross Site Scripting vulnerability ([email protected])