Debian Security Advisory

DSA-1692-1 php-xajax -- insufficient input sanitising

Date Reported:
27 Dec 2008
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2007-2739.
More information:

It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs.

For the stable distribution (etch) this problem has been fixed in version 0.2.4-2+etch1.

For the testing (lenny) and unstable (sid) distributions this problem has been fixed in version 0.2.5-1.

We recommend that you upgrade your php-xajax package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.