Description
Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
Affected products
- andrew_godwin / bytehoard2.0.0 – 2.0.0
- andrew_godwin / bytehoard2.0.1 – 2.0.1
- andrew_godwin / bytehoard2.0.2 – 2.0.2
- andrew_godwin / bytehoard2.0.3 – 2.0.3
- andrew_godwin / bytehoard2.0.4 – 2.0.4
- andrew_godwin / bytehoard2.0.5 – 2.0.5
- andrew_godwin / bytehoard2.0_beta1 – 2.0_beta1
- andrew_godwin / bytehoard2.0_beta2 – 2.0_beta2
- andrew_godwin / bytehoard2.1_alpha – 2.1_alpha
- andrew_godwin / bytehoard2.1_beta – 2.1_beta
- andrew_godwin / bytehoard2.1_delta – 2.1_delta
- andrew_godwin / bytehoard2.1_gamma – 2.1_gamma
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/2033
- MISChttp://www.securityfocus.com/bid/18136
- MISChttp://www.securityfocus.com/archive/1/435135/100/0/threaded
- MISChttp://sourceforge.net/forum/forum.php?forum_id=576219
- VENDOR_ADVISORYhttp://secunia.com/advisories/20304
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/26704
- MISChttp://securityreason.com/securityalert/968
- MISChttp://sourceforge.net/project/shownotes.php?release_id=420549&group_id=90199