CVE-2009-4497

Name of the Vulnerable Software and Affected Versions LXR Cross Referencer versions 0.9.5 through 0.9.6 lxr-cvs (affected versions not specified)

Description The issue concerns a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. Additionally, there are multiple vulnerabilities in the lxr-cvs package that can lead to a breach of protected information integrity, and these can be exploited remotely.

Recommendations For LXR Cross Referencer versions 0.9.5 and 0.9.6, consider restricting access to the ident program to minimize the risk of exploitation. For lxr-cvs, at the moment, there is no information about a newer version that contains a fix for this vulnerability.