Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-200601-13 Moderate: Trac HTML Injection Vulnerability

gentoo
Calendar Grey January 26, 2006
Dist Gentoo Esm H88
Examine the Gentoo GLSA 200601-12 concerning the cross-site scripting vulnerability in Trac, which permits script injections. Obtain the necessary patches immediately.
Trac is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

Summary

Gentoo Linux Security Advisory GLSA 200601-12 https://security.gentoo.org/ Severity: Low Title: Trac: Cross-site scripting vulnerability Date: January 26, 2006 Bugs: #118302 ID: 200601-12

Synopsis ======= Trac is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.
Background ========= Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/trac < 0.9.3 >= 0.9.3
========== Christophe Truc discovered that Trac fails to properly sanitize input passed in the URL.
Impact ===== A remote attacker ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo cross-site scripting low severity attack risk Trac script injection

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
low
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory gentoo cross-site scripting low severity attack risk Trac script injection

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here