Candidate: CVE-2009-3303
PublicDate: 2009-11-24 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3303
 http://www.debian.org/security/2009/dsa-1937
Description:
 Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge
 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web
 script or HTML via the helpname parameter.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_gforge:
 vendor: http://www.debian.org/security/2009/dsa-1937
upstream_gforge: released (4.8.1-3)
dapper_gforge: ignored (reached end-of-life)
hardy_gforge: ignored (reached end-of-life)
intrepid_gforge: needed (reached end-of-life)
jaunty_gforge: released (4.7~rc2-7lenny3build0.9.04.1)
karmic_gforge: ignored (reached end-of-life)
lucid_gforge: not-affected (4.8.2-1)
maverick_gforge: not-affected (4.8.2-1)
natty_gforge: DNE
oneiric_gforge: DNE
devel_gforge: DNE