Summary
The remote host is missing an update to tdiary
announced via advisory DSA 2009-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202009-1
Insight
It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insuficient input sanitising in the TrackBack transmission plugin.
For the stable distribution (lenny), this problem has been fixed in version 2.2.1-1+lenny1.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 2.2.1-1.1.
We recommend that you upgrade your tdiary packages.
Severity
Classification
-
CVE CVE-2010-0726 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities