Project Open ]po[ version 3.4 and possibly earlier versions suffer from a reflective cross-site scripting (XSS) vulnerability in the account-closed.tcl script
The XSS vulnerability (CWE-79) is contained within the message parameter in the account-closed.tcl script.
We are currently unaware of a practical solution to this problem.
Thanks to Michail Poultsakis for reporting this vulnerability.
This document was written by Jared Allar.
|Date First Published:||2012-02-03|
|Date Last Updated:||2014-07-24 22:19 UTC|