DSA-1486 gnatsweb -- cross-site scripting
r0t discovered that gnatsweb, a web interface to GNU GNATS, did not correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML or JavaScript code.