oss-sec mailing list archives
CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 19 Sep 2011 11:25:58 +0200
See http://status.net/2011/08/02/security-alert-for-all-versions-of-statusnet

"Incorrectly sanitized input from the URL for "tag stream" pages, combined with incorrect encoding of dynamically-generated JavaScript, allows an attacker to create a carefully-crafted URL that will execute arbitrary JavaScript code on other users' browsers."

--
Hanno Böck
mail/jabber: hanno () hboeck de
GPG: BBB51E42
http://www.hboeck.de/
Current thread:
- CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Hanno Böck (Sep 19)
- Re: CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2 Josh Bressers (Sep 22)