Open Source Development Network: >> Slashcode >> 2.0 Security Vulnerabilities
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
CVSS Score
2.6
EPSS Score
0.004
Published
2002-05-31
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
CVSS Score
4.6
EPSS Score
0.002
Published
2001-12-31