Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site

VOMRS Security Advisory 2007-08: Cross-Site Scripting

Summary

VOMRS is vulnerable to cross-site scripting attacks

Relevant Versions

This advisory affects the following VDT versions:

VDT versions 1.6.1 through 1.8.0

Date Announced

2007-08-24

Description

VOMRS versions up through 1.3.1a contain a cross-site scripting security vulnerability in the VOMRS code. The vulnerability is due to the user input not being validated properly. This vulnerability was discovered by the EGEE Operational Security Coordination Team.

Solution

Update your VOMRS installation or get a new installation of VOMRS. Update instructions are provided on the release notes for the VDT version you installed:

• VDT 1.6.1
• VDT 1.7.0
• VDT 1.7.1
• VDT 1.8.0

Questions

Please contact vdt-support@opensciencegrid.org if you have any questions.