CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or (11) the login field on the login form.

• http://marc.info/?l=bugtraq&m=112259845904350&w=2
• http://secunia.com/advisories/16253
• http://secunia.com/advisories/20622
• http://www.debian.org/security/2006/dsa-1094
• http://www.osvdb.org/18299
• http://www.osvdb.org/18300
• http://www.osvdb.org/18301
• http://www.osvdb.org/18302
• http://www.osvdb.org/18303
• http://www.osvdb.org/18304
• http://www.securityfocus.com/bid/14405
• https://exchange.xforce.ibmcloud.com/vulnerabilities/21558

CVSS: 5.0 | EPSS: 0% | CPEs: 4 | EXPL: 0

Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php.

• http://marc.info/?l=bugtraq&m=110627132209963&w=2
• http://securitytracker.com/id?1012950
• http://www.securityfocus.com/bid/12318
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18988