[PLSA 2009-51] Ejabberd: Cross-site scripting
- Severity: 2
- Type: Remote
- Release Date: 2009-04-09
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
- ejabberd, all before 2.0.4-8-3
There are update(s) for ejabberd. You can update them via Package Manager or with a single command from console:
pisi up ejabberd