CVE-2009-0359 – Samizdat 0.6.1 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2009-0359

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Samizdat anterior a v0.6.2 permite a usuarios autenticados remotamente inyectar secuencias de comando web o HTML de su elección a través del (1) título del mensaje o (2) nombre completo de usuario. Samizdat versions 0.6.1 and below suffer from a persistent cross site scripting vulnerability. • http://osvdb.org/52022 http://samizdat.nongnu.org/release-notes/samizdat-0.6.1-xss-escape-title.patch http://www.mail-archive.com/debian-testing-security-announce%40lists.debian.org/msg00171.html http://www.nongnu.org/samizdat/release-notes/samizdat-0.6.2.html http://www.securityfocus.com/archive/1/500961/100/0/threaded http://www.securityfocus.com/bid/33768 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •