[PLSA 2009-51] Ejabberd: Cross-site scripting
- Severity: 2
- Type: Remote
- Release Date: 2009-04-09
Summary
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Description
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.
Packages
Pardus 2008
- ejabberd, all versions before 2.0.4-8-3
Resolution
An update is available for ejabberd. You can install it via Package Manager or with a single command from the console:
Pardus 2008
pisi up ejabberd