
MySQL Eventum < 2.3.1 Multiple HTML Injection Vulnerabilities

Medium

Synopsis

The remote web server hosts a web application that is affected by multiple cross-site scripting vulnerabilities.

Description

The remote web server hosts MySQL Eventum, a web-based issue tracking application.

Versions of MySQL Eventum earlier than 2.3.1 are potentially affected by multiple cross-site scripting vulnerabilities:

- The application fails to properly sanitize user-supplied input to the 'keywords' parameter of the 'list.php' script.

- The application fails to properly sanitize user-supplied input to the 'REQUEST_URI' variable of the 'forgot_password.php' and 'select_project.php' scripts.
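
For sites that cannot upgrade immediately, web server access logs can be reviewed for markup reaching the inputs listed above. The following is an added example, not part of the original advisory or of Eventum: it assumes combined-format access logs and a hypothetical `/eventum/` install path, and the function names are illustrative.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Inputs named in the advisory: 'keywords' on list.php, and REQUEST_URI
# on forgot_password.php and select_project.php.
KEYWORD_SCRIPTS = {"list.php"}
URI_SCRIPTS = {"forgot_password.php", "select_project.php"}
MARKUP = re.compile(r'[<>"]')  # heuristic: characters that open tags or close attributes
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=2):
    """Percent-decode `rounds` times so double-encoded input is still seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(line):
    """Return (script, input) if the request carries markup in an affected input."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = m.group(1)
    parts = urlsplit(target)
    script = next((s for s in parts.path.split("/") if s.endswith(".php")), None)
    if script in KEYWORD_SCRIPTS:
        values = parse_qs(parts.query, keep_blank_values=True).get("keywords", [])
        if any(MARKUP.search(decode(v)) for v in values):
            return (script, "keywords")
    elif script in URI_SCRIPTS and MARKUP.search(decode(target)):
        return (script, "REQUEST_URI")
    return None

def scan(lines):
    """Return (line_number, script, input) for every flagged request."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = classify(line)
        if hit:
            hits.append((n, *hit))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /eventum/list.php?keywords=printer+offline HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /eventum/list.php?keywords=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5190',
    '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /eventum/forgot_password.php/%2522%253E%253Cb%253E HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:01:09 +0000] "GET /eventum/select_project.php?url=list.php HTTP/1.1" 200 2300',
    '203.0.113.9 - - [01/Jan/2024:10:01:15 +0000] "GET /eventum/view.php?id=12 HTTP/1.1" 200 900',
]
```

Values submitted in a POST body do not appear in access logs, so this review only covers input carried in the request line.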

Solution

Upgrade to MySQL Eventum 2.3.1 or later.