Advisory ID: SA-2009-1
Version: < 0.6.5
Security risk: Critical
Exploitable from: Remote
Vulnerability: Cross Site Scripting

Description

The login page does not properly escape one URL parameter before output. An attacker could attempt a cross-site scripting attack, which may in some cases compromise the web server.

Versions affected

  • All versions prior to 0.6.5
  • SVN versions prior to revision 161

Solution

Install the latest version:

Reported by

Zach Lanier.