Package: knowledgetree
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-2885: "Multiple cross-site scripting (XSS) vulnerabilities in
KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to
inject arbitrary web script or HTML via the (1) fDocumentId parameter in
view.php and the (2) fSearchableText parameter in
/search/simpleSearch.php."

CVE-2006-2886: "view.php in KnowledgeTree Open Source 3.0.3 and earlier
allows remote attackers to obtain the full installation path via a
crafted fDocumentId parameter, which displays the path in the resulting
error message. NOTE: this might be resultant from another vulnerability,
since this vector also produces XSS."

The advisory is short on details, and it does not appear there is a
patch or fixed version available.

Please mention the CVE in your changelog.

Thanks,

Alec

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEjgL4Aud/2YgchcQRAr7+AJwM6MK09kPyWTRPCxgpUgJaFYxwlACghe4d
HFFJGNs+GugD+AXIdeQcohU=
=GW4Y
-----END PGP SIGNATURE-----

