GForge Cross Site Scripting vulnerability
Version: Tested on GForge 4.5.11
Discovered by: Jos Ramn Palanco: jose.palanco(at)eazel(dot)es
GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting.
To exploit any attacker may send via GET method the "words" variable to:
where X is any active project in the gforge installation.