oss-sec mailing list archives
Re: CVE request: lxr
From: Josh Bressers <bressers () redhat com>
Date: Fri, 14 May 2010 15:40:10 -0400 (EDT)
----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:
Josh, The XSS in the title string was already assigned CVE-2010-1448. Do you mean to assign issue #2, the XSS reflected in search results?
Sigh, yes. So to sum it up: 1. XSS in the ident parameter, as described in CVE-2009-4497. 2. XSS that is reflected via the search results page after issuing This one is now CVE-2010-1625 3. 3. XSS that is reflected via the <title> tag on the search page, as described in Raphael's original e-mail a few days ago, which Josh assigned CVE-2010-1448 Thanks. -- JB
Current thread:
- CVE request: lxr Raphael Geissert (May 02)
- Re: CVE request: lxr Dan Rosenberg (May 03)
- Re: CVE request: lxr Henri Salo (May 03)
- Re: CVE request: lxr Josh Bressers (May 03)
- Re: CVE request: lxr Henri Salo (May 03)
- Re: CVE request: lxr Dan Rosenberg (May 03)
- Re: CVE request: lxr Henri Salo (May 03)
- Re: CVE request: lxr Steven M. Christey (May 06)
- Re: CVE request: lxr Dan Rosenberg (May 06)
- Re: CVE request: lxr Josh Bressers (May 14)
- Re: CVE request: lxr Dan Rosenberg (May 14)
- Re: CVE request: lxr Josh Bressers (May 14)
- Re: CVE request: lxr Dan Rosenberg (May 03)