Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site

VOMRS Security Advisory 2007-08: Cross-Site Scripting


VOMRS is vulnerable to cross-site scripting attacks

Relevant Versions

This advisory affects the following VDT versions:

Date Announced



VOMRS versions up through 1.3.1a contain a cross-site scripting security vulnerability in the VOMRS code. The vulnerability is due to the user input not being validated properly. This vulnerability was discovered by the EGEE Operational Security Coordination Team.


Update your VOMRS installation or get a new installation of VOMRS. Update instructions are provided on the release notes for the VDT version you installed:


Please contact if you have any questions.