DSA-1692 php-xajax -- insufficient input sanitisingID: oval:org.mitre.oval:def:7894 | Date: (C)2009-12-15 (M)2021-07-09 |
Class: PATCH | Family: unix |
It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs. For the stable distribution (etch) this problem has been fixed in version 0.2.4-2+etch1. For the testing (lenny) and unstable (sid) distributions this problem has been fixed in version 0.2.5-1. We recommend that you upgrade your php-xajax package.