Info

Disclosure

May 08, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Jorganizer also contains a flaw that allows an attacker to cause HTTP response splitting. The issue is due to ExtLinkAction.java not properly sanitizing the link parameter. This may allow an attacker to inject or manipulate HTTP responses that can lead to Cross-Site Scripting, Web Cache Poisoning and Cross User Attacks.

Classification

Unknown or Incomplete

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

Unknown or Incomplete

References

Related OSVDB ID: 25677
Vendor URL: http://jorganizer.sourceforge.net/
Other Advisory URL: http://osvdb.org/ref/25/25677-jorganizer.txt

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/25678