MySQL Eventum < 2.3.1 Multiple HTML Injection Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5798
The remote web server hosts a web application that is affected by multiple cross-site scripting vulnerability.
The remote web server host MySQL Eventum, a web-based issue tracking application. Versions of MySQL Eventum earlier than 2.3.1 are potentially affected by multiple cross-site scripting vulnerabilities : - The application fails to properly sanitize user-supplied input to the 'keywords' parameter of the 'list.php' script. - The application fails to properly sanitize user-supplied input to the 'REQUEST_URI' variable of the 'forgot_password.php' and 'select_project.php' scripts.