Launchpad.net

CVE 2008-0444

Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via subtext parameter to unspecified components.

Related bugs and status

CVE-2008-0444 (Candidate) is related to these bugs:

Bug #216301: [CVE-2008-0444, CVE-2008-0445] XSS and DoS

		In	Importance	Status
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Ubuntu)	High	Invalid
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Debian)	Unknown	Fix Released
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Ubuntu Dapper)	Undecided	Won't Fix
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Ubuntu Edgy)	Undecided	Invalid
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Ubuntu Hardy)	High	Won't Fix
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Ubuntu Feisty)	Undecided	Won't Fix
216301	[CVE-2008-0444, CVE-2008-0445] XSS and DoS	elog (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://midas.psi.ch/el...
BID: 27399
SECUNIA: 28589
OSVDB: 41681
VUPEN: ADV-2008-0265
XF: elog-subtext-xss(39828)