GForge multiple scripts cross-site scripting

gforge-multiple-xss (21558) The risk level is classified as MediumMedium Risk

Description:

GForge is vulnerable to cross-site scripting caused by improper validation of user-supplied input. A remote attacker could create a specially-crafted URL to multiple parameters in a URL request to the forum.php, task.php, detail.php, search/.php, and qrs.php scripts, including fields within the login form which, once the URL is clicked, would be executed in the victim's Web browser within the security context of the hosting site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

  • Debian, Debian Linux 3.1
  • GForge, GForge 4.5

Remedy:

For Debian GNU/Linux:
Refer to DSA-1094-1 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

  • GForge Web site, Summary at http://gforge.org/projects/gforge.
  • GForge Web site, GForge helps you manage the entire development life cycle at http://gforge.org/.
  • BID-14405: Gforge Multiple Cross Site Scripting Vulnerabilities
  • CVE-2005-2430: Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.
  • DSA-1094: gforge -- missing input sanitising
  • OSVDB ID: 18299: GForge forum.php Multiple Variable XSS
  • OSVDB ID: 18300: GForge task.php project_task_id Variable XSS
  • OSVDB ID: 18301: GForge detail.php id Variable XSS
  • OSVDB ID: 18302: GForge Search Function words Variable XSS
  • OSVDB ID: 18303: GForge qrs.php Multiple Variable XSS
  • OSVDB ID: 18304: GForge Login Form Multiple Field XSS
  • SA16253: GForge Cross-Site Scripting Vulnerabilities

Reported:

Jul 28, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page