FreeBSD : gforge -- XSS and email flood vulnerabilities (d7cd5015-08c9-11da-bc08-0001020eed82)
Medium Nessus Plugin ID 56498
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionJose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability :
The login form is also vulnerable to XSS (Cross Site Scripting) attacks. This may be used to launch phising attacks by sending HTML e-mails (i.e.: saying that you need to upgrade to the latest GForge version due to a security problem) and putting in the e-mail an HTML link that points to an specially crafted url that inserts an html form in the GForge login page and when the user press the login button, he/she send the credentials to the attackers website.
The 'forgot your password?' feature allows a remote user to load a certain URL to cause the service to send a validation e-mail to the specified user's e-mail address. There is no limit to the number of messages sent over a period of time, so a remote user can flood the target user's secondary e-mail address. E-Mail Flood, E-Mail bomber.
SolutionUpdate the affected package.