'Re: [oss-security] [Fwd: Cross-Site Scripting in Banshee DAAP'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] [Fwd: Cross-Site Scripting in Banshee DAAP
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-03-31 1:23:22
Message-ID: Pine.GSO.4.51.0903302123090.9303 () faron ! mitre ! org
[Download RAW message or body]

======================================================
Name: CVE-2009-1175
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1175
Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=577270

Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in
the DAAP extension in Banshee 1.4.2 allows remote attackers to inject
arbitrary web script or HTML via the server parameter, which is not
properly handled in an error message.

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic