Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not properly handled by web browsers that do not strictly follow RFC 3986, such as Internet Explorer 6 and 7.
References
Link | Resource |
---|---|
http://blog.agavi.org/post/75829956/agavi-0-11-6-released-fixes-vulnerability | Patch Vendor Advisory |
http://blog.agavi.org/post/75830918/agavi-1-0-0-beta-8-released-fixes-vulnerability | Patch Vendor Advisory |
http://trac.agavi.org/ticket/1019 | Vendor Advisory |
http://www.securityfocus.com/bid/33826 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-02-06T00:00:00
Updated: 2009-03-13T09:00:00
Reserved: 2009-02-03T00:00:00
Link: CVE-2009-0417
JSON object: View
NVD Information
Status : Modified
Published: 2009-02-10T07:00:20.327
Modified: 2009-03-13T05:46:54.280
Link: CVE-2009-0417
JSON object: View
Redhat Information
No data.
CWE