FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

trac -- Wiki Macro Script Insertion Vulnerability

Affected packages
ja-trac < 0.9.5
trac < 0.9.5

Details

VuXML ID: 400d9d22-d6c5-11da-a14b-00123ffe8333
Discovery: 2006-04-28
Entry: 2006-05-02

Secunia reports:

A vulnerability has been reported, which can be exploited by malicious people to conduct script insertion attacks.

Input passed using the wiki macro isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious user data is viewed.

References

URL http://jvn.jp/jp/JVN%2384091359/index.html
URL http://projects.edgewall.com/trac/wiki/ChangeLog
URL http://secunia.com/advisories/19870/