oss-sec mailing list archives
Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input
From: Secunia Research <vuln () secunia com>
Date: Tue, 30 Mar 2010 13:21:47 +0200
Hi, This vulnerability was discovered by Secunia and we have already reserved CVE-2010-0132 for it. Please see SA38918 [1] for more information. [1] http://secunia.com/advisories/38918/ Thanks and kind regards, On Mon, 2010-03-29 at 17:52 -0500, Reed Loden wrote:
Just received an announcement stating ViewVC 1.1.5 and 1.0.11 were released today (right on the heels of 1.1.4 and 1.0.10, for which I still haven't received a CVE). Looks like they fix an XSS that needs a CVE assigned.
-- Stefan Cornelius Security Specialist Secunia Weidekampsgade 14 A DK-2300 Copenhagen S Denmark Phone +45 7020 5144 Fax +45 7020 5145
Current thread:
- CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Reed Loden (Mar 29)
- Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Secunia Research (Mar 30)
- Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Reed Loden (Mar 30)
- Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Reed Loden (Mar 30)
- Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input Steven M. Christey (Mar 30)