CVE-2005-2430

Name of the Vulnerable Software and Affected Versions GForge version 4.5

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters and fields, including forum id and group id in forum.php, project task id in task.php, id in detail.php, the text field on the search page, group id in qrs.php, form, rows, cols, or wrap parameters in notepad.php, and the login field on the login form.

Recommendations For GForge version 4.5, consider disabling the vulnerable parameters and fields, such as forum id, group id, project task id, id, and others, until a patch is available. Restrict access to the search page and login form to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints, such as /forum.php, /task.php, /detail.php, /qrs.php, and /notepad.php, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.