CVE-2009-3303

Gforge - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.

References (4)

[Vendor Advisory] http://secunia.com/advisories/37450

[Patch] http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch12.diff.gz

[Patch] http://www.debian.org/security/2009/dsa-1937

[Patch] http://www.securityfocus.com/bid/37088

Scores

EPSS 0.0026

EPSS Percentile 48.7%

Classification

CWE

CWE-79

Status published

Affected Products (4)

gforge/gforge

n/a/n/a

Timeline

Published Nov 24, 2009

Tracked Since Feb 18, 2026