CVE-2009-0417

Name of the Vulnerable Software and Affected Versions Agavi versions 0.11 through 0.11.5 Agavi versions 1.0 through 1.0.0 beta 7

Description A cross-site scripting (XSS) issue exists due to improper handling of certain characters in crafted URLs by the AgaviWebRouting::gen(null) method. This can be exploited by remote attackers to inject arbitrary web script or HTML, particularly in web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.

Recommendations For Agavi versions 0.11 through 0.11.5, update to version 0.11.6 or later. For Agavi versions 1.0 through 1.0.0 beta 7, update to version 1.0.0 beta 8 or later.