Cross-site scripting (XSS) vulnerability in xajax prior to 0.2.5 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Debian Bug report logs - #426103
New upstream release with security fixes
Package: php-xajax; Maintainer for php-xajax is Debian QA Group <packages@qa.debian.org>; Source for php-xajax is src:php-xajax
Reported by: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 26 May 2007 10:15:06 UTC
Severity: ...
It was discovered that php-xajax, a library to develop Ajax
applications, did not sufficiently sanitise URLs, which allows attackers
to perform cross-site scripting attacks by using malicious URLs.
For the stable distribution (etch) this problem has been fixed in
version 0.2.4-2+etch1.
For the testing (lenny) and unstable (sid) distributions th ...