| VID |
210120 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The host appears to be running MySQL Eventum, which has multiple vulnerabilities. Eventum is a flexible issue tracking system written in PHP that uses a MySQL backend database. Eventum versions 2.3.1 and earlier are vulnerable to cross-site scripting (XSS): the 'forgot_password.php' script does not properly sanitize user input before returning it as part of the HTML response.
* References: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4989.php https://bugs.launchpad.net/eventum/+bug/706385
* Platforms Affected: MySQL AB Eventum prior to 2.3.1; any operating system, any version |
| Recommendation |
Upgrade to a version of Eventum that fixes this problem (2.3.1 or later) when it becomes available from the MySQL AB Web site at http://dev.mysql.com/downloads/other/eventum/ |
| Related URL |
(CVE) |
| Related URL |
46380 (SecurityFocus) |
| Related URL |
(ISS) |
|