FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gforge -- XSS and email flood vulnerabilities

Affected packages
0 < gforge

Details

VuXML ID d7cd5015-08c9-11da-bc08-0001020eed82
Discovery 2005-07-27
Entry 2005-08-09

Jose Antonio Coret reports that GForge contains multiple Cross Site Scripting vulnerabilities and an e-mail flood vulnerability:

The login form is also vulnerable to XSS (Cross Site Scripting) attacks. This may be used to launch phising attacks by sending HTML e-mails (i.e.: saying that you need to upgrade to the latest GForge version due to a security problem) and putting in the e-mail an HTML link that points to an specially crafted url that inserts an html form in the GForge login page and when the user press the login button, he/she send the credentials to the attackers website.

The 'forgot your password?' feature allows a remote user to load a certain URL to cause the service to send a validation e-mail to the specified user's e-mail address. There is no limit to the number of messages sent over a period of time, so a remote user can flood the target user's secondary e-mail address. E-Mail Flood, E-Mail bomber.

References

Bugtraq ID 14405
CVE Name CVE-2005-2430
CVE Name CVE-2005-2431
Message 1122496636.26878.2.camel@localhost.localdomain