[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: serendipity before 1.6 backend XSS
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2011-10-30 0:56:22
Message-ID: 4EACA0B6.6010501 () redhat ! com
[Download RAW message or body]
On 10/29/2011 06:37 AM, Hanno Böck wrote:
> Am Fri, 28 Oct 2011 09:04:43 -0600
> schrieb Kurt Seifried <kseifried@redhat.com>:
>
> > Can you please send more details, i.e. which file is responsible/or a
> > link to a commit fixing this? Thanks.
> Commit is here:
> https://github.com/s9y/Serendipity/commit/a7861fabd328c3c468f0853355686dd7e39cc4ac#plugins/serendipity_event_karma/serendipity_event_karma.php
>
> Responsible file:
> plugins/serendipity_event_karma/serendipity_event_karma.php
>
Ahh our good friend htmlspecialchars().
Please use CVE-2011-4090 for this issue.
--
-Kurt Seifried / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic