List: oss-security
Subject: [oss-security] CVE request: horde-kronolith-2.1.7 XSS in addevent.php
From: Matt Fleming <mattjfleming () googlemail ! com>
Date: 2008-04-27 11:59:45
Message-ID: 20080427115945.GL24538 () console-pimps ! org
Hi guys,

kronolith-2.1.7 is vulnerable to a cross-site scripting attack because
input passed to the "url" parameter in the file addevent.php is not
properly sanitized.

Can you please assign a CVE id?

http://forum.aria-security.com/showthread.php?t=49
https://bugs.gentoo.org/show_bug.cgi?id=219304
http://secunia.com/advisories/29920/

Thanks,
Matt