FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

trac -- cross site scripting vulnerability

Affected packages
trac < 0.10.3
ja-trac < 0.10.3_1

Details

VuXML ID e546c7ce-ce46-11db-bc24-0016179b2dd5
Discovery 2007-03-09
Entry 2007-03-09

Secunia reports:

The vulnerability is caused due to an error within the "download wiki page as text" function, which can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Successful exploitation may require that the victim uses IE.

References

URL http://secunia.com/advisories/24470
URL http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1