
List:       oss-security
Subject:    [oss-security] CVE request: horde-kronolith-2.1.7 XSS in addevent.php
From:       Matt Fleming <mattjfleming () googlemail ! com>
Date:       2008-04-27 11:59:45
Message-ID: 20080427115945.GL24538 () console-pimps ! org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi guys,

kronolith-2.1.7 is vulnerable to a cross-site scripting attack because
input passed to the "url" parameter in the file addevent.php is not 
properly sanitized. 

Can you please assign a CVE id?

http://forum.aria-security.com/showthread.php?t=49
https://bugs.gentoo.org/show_bug.cgi?id=219304
http://secunia.com/advisories/29920/

Thanks,
Matt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (NetBSD)

-----END PGP SIGNATURE-----