ProjectForum 22.214.171.12438 and possibly previous versions, are vulnerable to cross site scripting (XSS).
An attacker with access to the ProjectForum wiki can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem.
Thanks to Paul Davis for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:||2011-09-30|
|Date Last Updated:||2011-09-30 11:58 UTC|