Public bug reported:

Binary package hint: gnatsweb

References:
DSA-1486-1 (http://www.debian.org/security/2008/dsa-1486)

Quoting:
"'r0t' discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script.  This
could allow the injection of arbitrary HTML, or javascript code."

** Affects: gnatsweb (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: gnatsweb (Debian)
     Importance: Unknown
         Status: Unknown

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2808

** Bug watch added: Debian Bug tracker #427156
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156

** Also affects: gnatsweb (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427156
   Importance: Unknown
       Status: Unknown

-- 
[gnatsweb] [CVE-2007-2808] cross-site scripting vulnerability
https://bugs.launchpad.net/bugs/191196
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs