Package: owl-dms Version: 0.95-1 Severity: normal Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for owl-dms.
CVE-2008-3100[0]: | Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve | Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and | earlier allows remote attackers to inject arbitrary web script or HTML | via the username parameter in a getpasswd action to register.php. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3100 http://security-tracker.debian.net/tracker/CVE-2008-3100 There is a fix out there at: http://owl.cvs.sourceforge.net/*checkout*/owl/owl-0.90/lib/owl.lib.php Kind regards, Thomas.
signature.asc
Description: Digital signature