Published: 2006/04/19 Last Updated: 2008/05/21
JVN#84091359
Trac cross-site scripting vulnerability
Overview
Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. The Trac wiki engine contains a cross-site scripting vulnerability.
Products Affected
- Trac 0.94 and earlier versions of the 0.9 series
- Trac-ja 0.94 and earlier versions of the 0.9 series
Description
Impact
A remote attacker could possibly execute an arbitrary script on the user's web browser.
Solution
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
InterAct Co., Ltd. | Vulnerable | 2006/04/20 | |
Vendor | Link |
---|---|
Edgewall Software | Trac 0.9.5 Released, Change Log |
References
JPCERT/CC Addendum
Credit
Kazuhiro Nishiyama reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia | JVNDB-2006-000613 |