Description
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Affected products
- process-one / ejabberd 2.0.3
- process-one / ejabberd 0.9 – 0.9
- process-one / ejabberd 0.9.1 – 0.9.1
- process-one / ejabberd 0.9.8 – 0.9.8
- process-one / ejabberd 1.0.0 – 1.0.0
- process-one / ejabberd 1.1.0 – 1.1.0
- process-one / ejabberd 1.1.1 – 1.1.1
- process-one / ejabberd 1.1.1.0 – 1.1.1.0
- process-one / ejabberd 1.1.1.1 – 1.1.1.1
- process-one / ejabberd 1.1.2 – 1.1.2
- process-one / ejabberd 1.1.3 – 1.1.3
- process-one / ejabberd 1.1.14 – 1.1.14
- process-one / ejabberd 2.0.0 – 2.0.0
- process-one / ejabberd 2.0.1_2 – 2.0.1_2
- process-one / ejabberd 2.0.2 – 2.0.2
References
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/49289
- MISC: http://www.securityfocus.com/bid/34133
- VENDOR_ADVISORY: http://secunia.com/advisories/34354
- MISC: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204
- VENDOR_ADVISORY: http://www.debian.org/security/2009/dsa-1774
- MISC: http://osvdb.org/52714
- MISC: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00735.html
- VENDOR_ADVISORY: http://secunia.com/advisories/34781
- VENDOR_ADVISORY: http://secunia.com/advisories/34340
- MISC: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00675.html
- MAILING_LIST: http://www.openwall.com/lists/oss-security/2009/03/16/1