[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: serendipity < 1.5.4 xss
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-08-31 19:29:15
Message-ID: 1449401253.941441283282955256.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2010-2957
Thanks.
--
JB
----- "Hanno Böck" <hanno@hboeck.de> wrote:
> http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html
>
> http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html
>
> "as well as a XSS security issue discovered and reported by High-Tech
> Bridge.
> The XSS is only exploitable though, if you are using the "Remember me"
> feature
> in the Serendipity backend to login."
>
>
>
> --
> Hanno Böck Blog: http://www.hboeck.de/
> GPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de
>
> http://schokokeks.org - professional webhosting
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic