oss-sec mailing list archives
Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 30 Mar 2010 13:49:08 -0400 (EDT)
On Tue, 30 Mar 2010, Reed Loden wrote:
> Apparently, Secunia has already assigned this CVE-2010-0132, as per their
> advisory that just came out...
> http://secunia.com/secunia_research/2010-26/
>
> Again, still need a CVE for the XSS fix in ViewVC 1.1.4 and 1.1.10, however.

Here's what I have:

CVE-2010-0736 - XSS in view_queryform (lib/viewvc.py) in 1.1.x before 1.1.4, and 1.0 before 1.0.10. (Note that Vincent Danen assigned a CVE last week at http://www.openwall.com/lists/oss-security/2010/03/16/14)

CVE-2010-0132 - Secunia-assigned; for "regular expression search" before 1.0.11 / 1.1.5

- Steve