List:       oss-security
Subject:    Re: [oss-security] CVE request: MoinMoin Wiki (XSS in rss link)
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-12-30 3:41:01
Message-ID: 50DFB7CD.9080007 () redhat ! com

On 12/29/2012 07:37 AM, Tilmann Haak wrote:
> Hi all,
> 
> there is an XSS issue in MoinMoin wiki, version 1.9.5. Function 
> rsslink() in "theme/__init__.py" does not properly escape the page
> name parameter.
> 
> Details can be found at: http://moinmo.in/SecurityFixes
> 
> A fix is available at:
> http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
> 
> Could you please assign a CVE number?
> 
> kind regards, Tilmann


Please use CVE-2012-6082 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
