Package: phpgedview
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for phpgedview.

CVE-2007-5051[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView
| 4.1.1 allow remote attackers to inject arbitrary web script or HTML
| via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid
| parameters in ancestry.php, and the (4) newpid parameter in
| timeline.php. NOTE: the provenance of this information is unknown; the
| details are obtained solely from third party information.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

I checked this issue and the mentioned variables are not
sanitized before being displayed.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5051

Kind regards
Nico

--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
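
The report above says the four request parameters are echoed without sanitization. One way a PHP page can validate and encode them before output follows, as an added example that is not PhpGedView code and not part of the original mail. The helper names, the integer ranges, the record-id pattern and the sample request are assumptions made for illustration; only the parameter names come from the CVE text.

```php
<?php
// Added example, not PhpGedView code. Parameter names are taken from the
// CVE description; types, ranges and the id pattern are assumptions.

// Encode a value for an HTML text node or a quoted attribute value.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only an integer inside [min, max]; anything else (missing value,
// array, trailing markup) falls back to the default.
function int_param(array $src, string $name, int $min, int $max, int $default): int {
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

// Accept only a short alphanumeric record id (assumed shape, e.g. "I42").
function id_param(array $src, string $name, string $default = ''): string {
    $v = $src[$name] ?? '';
    $ok = is_string($v) && preg_match('/\A[A-Za-z0-9_-]{1,20}\z/', $v) === 1;
    return $ok ? $v : $default;
}

// Constructed request standing in for $_REQUEST; two values carry markup.
$request = [
    'box_width'            => '100"><b>x</b>',
    'PEDIGREE_GENERATIONS' => '4',
    'rootid'               => 'I42',
    'newpid'               => '<i>7</i>',
];

$boxWidth    = int_param($request, 'box_width', 50, 300, 100);
$generations = int_param($request, 'PEDIGREE_GENERATIONS', 2, 10, 4);
$rootid      = id_param($request, 'rootid');
$newpid      = id_param($request, 'newpid');

// Validation narrows the input; encoding at the point of output is still
// applied so a later change to the validators cannot reintroduce the bug.
printf("<input name=\"rootid\" value=\"%s\">\n", h($rootid));
printf("<input name=\"newpid\" value=\"%s\">\n", h($newpid));
printf("<div style=\"width: %dpx\">%d generations</div>\n", $boxWidth, $generations);
```

With the constructed request, box_width falls back to its default and newpid is rejected to an empty string, so no markup from the request reaches the page.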