Name of the Vulnerable Software and Affected Versions:

WhatCD Gazelle versions prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3

Description:

A vulnerability exists in WhatCD Gazelle that allows for cross-site scripting. The issue is located in an unknown function within the `/sections/tools/managers/change log.php` file of the Commit Message Handler component. Manipulation of the `Message` argument can be used to perform the attack remotely. The exploit has been publicly disclosed.

Recommendations:

Update WhatCD Gazelle to a version prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3.