Download
| Alert*
DSA-1475 gforge -- missing input sanitising
Joseacute Ramoacuten Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. The old stable distribution (sarge) is not affected by this problem.
|