FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ejabberd -- cross-site scripting vulnerability

Affected packages
ejabberd < 2.0.4

Details

VuXML ID cf91c1e4-2b6d-11de-931b-00e0815b8da8
Discovery 2009-03-16
Entry 2009-04-17

SecurityFocus reports:

The ejabberd application is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

References

Bugtraq ID 34133
CVE Name CVE-2009-0934