Bug 123442 - dev-php/adodb: cross site scripting vulnerability
Bug#: 123442
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: minor
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: dercorny@gentoo.org
Component: Vulnerabilities
URL: http://www.gulftech.org/?node=research&article_id=00101-02182006
Summary: dev-php/adodb: cross site scripting vulnerability
Keywords:
Status Whiteboard: B4 [noglsa] DerCorny
Opened: 2006-02-19 21:35 0000

There are several Cross Site Scripting issues in ADOdb versions 4.71 and
possibly earlier that may allow for an attacker to render malicious client side
code in the victim's browser.
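
    // The request parameter is copied into the session without validation.
    if (isset($_GET[$next_page])) {
        $_SESSION[$curr_page] = $_GET[$next_page];
    }
    if (empty($_SESSION[$curr_page])) $_SESSION[$curr_page] = 1; ## at first page
    // The unvalidated value becomes the pager's current page.
    $this->curr_page = $_SESSION[$curr_page];
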
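
Added example, not part of the original report and not the upstream 4.72 change: one way to harden the pager logic quoted above, by accepting the page parameter only as a positive integer and escaping it where it is written into HTML. The function name, the key names 'pager_next_page' and 'pager_curr_page', and the sample request values are constructed for illustration.

```php
<?php
// Added example, not ADOdb code. Names and sample values are constructed.

/**
 * Store the requested page number in the session only if it is a positive
 * integer; anything else is ignored and the previous page (or 1) is kept.
 */
function resolve_curr_page(array $get, array &$session, string $next_page, string $curr_page): int
{
    if (isset($get[$next_page])) {
        // FILTER_VALIDATE_INT returns false for markup, arrays and other
        // non-numeric input; min_range rejects 0 and negative pages.
        $page = filter_var(
            $get[$next_page],
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]
        );
        if ($page !== false) {
            $session[$curr_page] = $page;
        }
    }
    // Also covers a session that already holds a non-integer value.
    if (empty($session[$curr_page]) || !is_int($session[$curr_page])) {
        $session[$curr_page] = 1; // at first page
    }
    return $session[$curr_page];
}

// Constructed requests: a normal page link, a value carrying markup,
// an array-valued parameter, and an out-of-range page.
$session = [];
$samples = ['3', '1"><b>injected</b>', ['x'], '0'];
foreach ($samples as $value) {
    $page = resolve_curr_page(
        ['pager_next_page' => $value],
        $session,
        'pager_next_page',
        'pager_curr_page'
    );
    // Escape at the output sink too, so the link stays safe even if a
    // caller skips the validation step above.
    $safe = htmlspecialchars((string) $page, ENT_QUOTES, 'UTF-8');
    printf("<a href=\"?pager_next_page=%s\">page %d</a>\n", $safe, $page);
}
```
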
web-apps team please bump, thx.
Not webapps ;) Also, there's no update available now, 4.71 is still latest
version upstream.
Thanks for the notification, dev-php/adodb-4.72 is now in the tree.
Best regards, CHTEKK.
arches pls test and mark stable, thx
Stefan, please add arches when setting [stable]
Target KEYWORDS="alpha amd64 ia64 ppc ppc64 ~sparc x86"
amd64 stable. happy voting!
Hehe thx blubb, I tend to say yes
I tend to say no... Could be convinced otherwise if a major portage package
made use of this...
RDEPs:
dev-php4/adodb-ext-503
dev-php5/adodb-ext-503
net-analyzer/acid-0.9.6_beta23
net-analyzer/acid-0.9.6_beta23-r1
net-analyzer/base-1.2.2
net-analyzer/base-1.2.2-r1
net-www/bugport-1.146
No real XSS victim here, I vote no.
Agree with Koon, no major target for XSS, voting NO and closing.