Summary
This host has Buildbot installed and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow an attacker to inject arbitrary web script or HTML via unspecified vectors and conduct cross-site scripting attacks.
Impact Level: Application
Solution
Upgrade to version 0.7.11p2 or later.
http://sourceforge.net/projects/buildbot/
Insight
The flaw arises because user-supplied data passed into the waterfall web status view in status/web/waterfall.py is not sanitised before being returned to the user.
Affected
Buildbot version 0.7.6 through 0.7.11p1 on all platforms.
References
Severity
Classification
CVE: CVE-2009-2959
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N