FreeBSD Ports: gforge

The remote host is missing an update to the system as announced in the referenced advisory.

The following package is affected: gforge CVE-2005-2430 Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form. CVE-2005-2431 The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).

Update your system with the appropriate patches or software upgrades. http://marc.theaimsgroup.com/?l=bugtraq&m=112259845904350 http://www.vuxml.org/freebsd/d7cd5015-08c9-11da-bc08-0001020eed82.html