Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.
References 5 Total
- secunia.com: 38898 third-party-advisory
- securityfocus.com: 38700 vdb-entry
- http://freshmeat.net/projects/dl-ticket-service
- osvdb.org: 62884 vdb-entry
- article.gmane.org: [dl-ticket-service] 20100311 dl 0.7 released mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- secunia.com: 38898 third-party-advisoryx_transferred
- securityfocus.com: 38700 vdb-entryx_transferred
- http://freshmeat.net/projects/dl-ticket-service x_transferred
- osvdb.org: 62884 vdb-entryx_transferred
- article.gmane.org: [dl-ticket-service] 20100311 dl 0.7 released mailing-listx_transferred