PT-2010-5636 · Debian · Tdiary

Published: 1970-01-01 · Updated: 2010-03-03 · CVE-2010-0726

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: tdiary versions 2.2.2 and earlier

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML, possibly related to the plugin_tb_url and plugin_tb_excerpt parameters. Multiple vulnerabilities in the tdiary package of Debian GNU/Linux can be exploited remotely, potentially disrupting the integrity of protected information.

Recommendations: For tdiary versions 2.2.2 and earlier, consider disabling the tb-send.rb plugin until a patch is available. Restrict access to the plugin_tb_url and plugin_tb_excerpt parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related identifiers

BDU:2015-01595
BDU:2015-01596
BDU:2015-01597
BDU:2015-01598
BDU:2015-01599
CVE-2010-0726
DSA-2009-1

Affected products

Tdiary