PT-2007-5472 · Knowledgetree · Knowledgetree Open Source

Published

2007-08-09

Updated

2011-03-08

CVE-2007-4281

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions KnowledgeTree Open Source versions 3.4 through 3.4.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the login field on the login page. This can be achieved through unspecified vectors, in addition to the login field.

Recommendations For KnowledgeTree Open Source versions 3.4 through 3.4.1, consider restricting access to the login page until a fix is available. As a temporary workaround, avoid using the login field with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-4281

Affected Products

Knowledgetree Open Source

PT-2007-5472 · Knowledgetree · Knowledgetree Open Source

CVE-2007-4281

Related Identifiers

Affected Products

References · 8