Package: mnogosearch
Severity: important
Tags: security

Hi Thorsten,
the following CVE (Common Vulnerabilities & Exposures) id was
published for mnogosearch.

CVE-2007-5588[0]:
| Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43
| allows remote attackers to inject arbitrary web script or HTML via the
| t parameter in search.cgi, as reachable from search.htm-dist.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

I am not entirely sure if the version in unstable is 
not affected, please contact upstream about that. At least 
the version in stable and testing is.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5588

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpEO8GT66Epq.pgp
Description: PGP signature

Reply via email to