FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

trac -- cross site scripting vulnerability

Affected packages
trac < 0.10.3
ja-trac < 0.10.3_1


VuXML ID: e546c7ce-ce46-11db-bc24-0016179b2dd5
Discovery: 2007-03-09
Entry: 2007-03-09

Secunia reports:

The vulnerability is caused due to an error within the "download wiki page as text" function, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation may require that the victim uses IE.