[原文]Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
Bug Report contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied "name", "sujet", "commentaires", "os", "navig" and "url" variables upon submission to the bug_report.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when the malicious user data is viewed via "bug_list.php" or "admin/index.php", leading to a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.