letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Link | Tags |
---|---|
http://www.openwall.com/lists/oss-security/2012/08/31/19 | mailing list third party advisory exploit |
https://security-tracker.debian.org/tracker/CVE-2012-4384 | third party advisory vendor advisory |