Package: spip Severity: normal XSS in SPIP spip_login.php3 and spip_pass.php3:
http://pridels.blogspot.com/2005/12/spip-xss-vuln.html SPIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to paremters in "spip_login.php3" "spip_pass.php3" fields isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-686-smp Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
