Freshmeat is a community driven website which serves as an index of free software projects.
Each of the listed projects contains links to a website, download location and other relevent information.
The site is updated several times a day to include recent releases.
Each project page contains a collection of links and information about it, as well as the ability for visitors to leave comments.
Two forms of comments are allowed plain text, or HTML text.
The attributes of the HTML are inadequately sanitized, allowing a malicious commentor to create links which would execute arbitary javascript.
The following is an example of such a malicious link:
<a href="http://foo.com/" onMouseOver="alert(1);">Foo.com</a>
The site uses a session ID stored in a cookie to keep track of a users state. If a user is logged in and clicks upon a link, (or moves over it depending on the code), then they could be redirected to a different site which could steal their login credentials.
The site admins were informed of the details of the attack and had the problem patched 9 hours later.
Informed Thu, 25 Mar 2004 04:39:06 -0800 (PST) Fixed Thu, 25 Mar 2004 13:10:10 -0800 (PST)