oss-sec mailing list archives
blosxom XSS issue (CVE-2008-2236)
From: Gerfried Fuchs <rhonda () deb at>
Date: Thu, 2 Oct 2008 18:30:47 +0200
Hi!

I'd like to inform you of an XSS issue in blosxom which was reported by Yoshinori Ohta of Business Architects Inc. and got assigned the IDs CVE-2008-2236 and JVN#03300113. The problem allowed injecting arbitrary output into the default error page and possibly any plugin that uses the $flavour variable in its output directly.

A fixed version was released today and announced on the blosxom-users list:
<http://sourceforge.net/mailarchive/forum.php?thread_name=20081002155914.GL10579%40sym.noone.org&forum_name=blosxom-users>

The Debian Bug about the issue:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500873>

The patch to fix the problem:
<http://blosxom.cvs.sourceforge.net/viewvc/blosxom/blosxom2/blosxom.cgi?r1=1.83&r2=1.84>

Hope that helps. :)
Rhonda