DSA-2092-1 lxr-cvs -- missing input sanitizing
ID: oval:org.secpod.oval:def:600138 | Date: (C)2011-01-28 (M)2022-10-10 | Class: PATCH | Family: unix
Dan Rosenberg discovered that lxr-cvs, a code-indexing tool with a web frontend, does not sufficiently sanitize user input; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks.

For the stable distribution, this problem has been fixed in version 0.9.5+cvs20071020-1+lenny1. For the testing distribution, this problem has been fixed in version 0.9.5+cvs20071020-1.1.

We recommend that you upgrade your lxr-cvs packages.