Tuesday, November 21, 2006

Torrent Flux XSS vulnerability

Category: Application (File Transfer/Sharing) > TorrentFlux Vendors: torrentflux.com
TorrentFlux Missing Input Validation in HTTP User-Agent Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID: 1017007
SecurityTracker URL: http://securitytracker.com/id?1017007
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 6 2006
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Exploit Included: Yes
Version(s): 2.1
Description: A vulnerability was reported in TorrentFlux. A remote user can conduct cross-site scripting attacks.