
MySQL Eventum < 2.3.1 Multiple HTML Injection Vulnerabilities

Medium

Synopsis

The remote web server hosts a web application that is affected by multiple cross-site scripting vulnerabilities.

Description

The remote web server hosts MySQL Eventum, a web-based issue tracking application.

Versions of MySQL Eventum earlier than 2.3.1 are potentially affected by multiple cross-site scripting vulnerabilities:

- The application fails to properly sanitize user-supplied input to the 'keywords' parameter of the 'list.php' script.

- The application fails to properly sanitize user-supplied input to the 'REQUEST_URI' variable of the 'forgot_password.php' and 'select_project.php' scripts.

Solution

Upgrade to MySQL Eventum 2.3.1 or later.