Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Just_for_fun_network_management_system | Jffnms | 0.8.3 (including) | 0.8.3 (including) |
| Jffnms | Ubuntu | dapper | * |
| Jffnms | Ubuntu | edgy | * |
| Jffnms | Ubuntu | feisty | * |
References
- http://marc.info/?l=full-disclosure\u0026m=118151087109711\u0026w=2
- http://secunia.com/advisories/25587
- http://secunia.com/advisories/26769
- http://www.debian.org/security/2007/dsa-1374
- http://www.securityfocus.com/archive/1/471039/100/0/threaded
- http://www.securityfocus.com/bid/24414
- http://marc.info/?l=full-disclosure\u0026m=118151087109711\u0026w=2
- http://secunia.com/advisories/25587
- http://secunia.com/advisories/26769
- http://www.debian.org/security/2007/dsa-1374
- http://www.securityfocus.com/archive/1/471039/100/0/threaded
- http://www.securityfocus.com/bid/24414