HIO-2010-0319 dradis framework XSS

The dradis framework, versions 2.5.1 and earlier, contains a flaw that allows cross-site scripting.

A user could exploit this by uploading a maliciously crafted XML file, such as a Burp Suite report, to execute arbitrary JavaScript code in a user's browser session in the context of the affected dradis instance.
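
The advisory does not say which imported fields were rendered unescaped. The following is an added example, not dradis code and not part of the advisory, showing the general mitigation for this class of flaw: text taken from an uploaded XML report is HTML-escaped at output time. The XML element names, the sample report and the function names are all assumptions made for the example.

```ruby
require "rexml/document"
require "erb"

# Constructed sample upload. The element names are assumptions for this
# example and are not Burp Suite's real report schema.
SAMPLE_REPORT = <<~XML
  <issues>
    <issue>
      <name>Reflected input</name>
      <detail><![CDATA[Seen at /search <script>alert(1)</script>]]></detail>
    </issue>
    <issue>
      <name><![CDATA[Header "X-Test" <b>missing</b>]]></name>
      <detail>Plain text &amp; nothing else</detail>
    </issue>
  </issues>
XML

# Parse the upload into plain hashes. XML decoding happens here, so the
# strings that come out may contain raw markup characters.
def parse_issues(xml)
  doc = REXML::Document.new(xml)
  doc.get_elements("//issue").map do |issue|
    { name: issue.elements["name"].text.to_s,
      detail: issue.elements["detail"].text.to_s }
  end
end

# Unsafe rendering: imported text is interpolated into HTML as-is.
def render_unsafe(issues)
  issues.map { |i| "<li><b>#{i[:name]}</b>: #{i[:detail]}</li>" }.join("\n")
end

# Safe rendering: every imported value is HTML-escaped at output time.
def render_safe(issues)
  issues.map do |i|
    "<li><b>#{ERB::Util.html_escape(i[:name])}</b>: " \
      "#{ERB::Util.html_escape(i[:detail])}</li>"
  end.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  puts render_safe(parse_issues(SAMPLE_REPORT))
end
```

Well-formed XML is not a safety property here: CDATA sections and entity references decode to literal `<` and `>` once parsed, so the escaping has to happen where the value is written into the page.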

References:

CVE-2010-pending

BID:

FrSIRT: N/A

Nessus: N/A

OSVDB: 

SA: 39875  

XF: 

Related: 

Vendor Solution: Upgrade to 2.5.2


 