ProjectForum 18.104.22.16838 and possibly previous versions, are vulnerable to cross site scripting (XSS).
An attacker with access to the ProjectForum wiki can conduct a cross site scripting attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
We are currently unaware of a practical solution to this problem.
Thanks to Paul Davis for reporting this vulnerability.
This document was written by Michael Orlando.
|Date First Published:
|Date Last Updated:
|2011-09-30 11:58 UTC