oss-sec mailing list archives

Re: CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2


From: Josh Bressers <bressers () redhat com>
Date: Thu, 22 Sep 2011 08:35:56 -0400 (EDT)

----- Original Message -----
See
http://status.net/2011/08/02/security-alert-for-all-versions-of-statusnet

"Incorrectly sanitized input from the URL for "tag stream" pages,
combined with incorrect encoding of dynamically-generated JavaScript,
allows an attacker to create a carefully-crafted URL that will execute
arbitrary JavaScript code on other users' browsers."

Please use CVE-2011-3370.

Thanks.

-- 
    JB

