oss-sec mailing list archives

Re: CVE request: serendipity before 1.6 backend XSS in karma plugin


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 28 Oct 2011 09:04:43 -0600

On 10/28/2011 02:02 AM, Hanno Böck wrote:
> http://blog.s9y.org/archives/233-Serendipity-1.6-released.html
>
> "Fixes a backend XSS issue in the karma plugin and media database
> filtering, thanks to Stefan Schurtz!"
>
> If anyone asks: Backend XSS is a security issue in multiuser webapps:
> a less privileged user can use it to gain more privilege.
>
> Please assign CVE.

Can you please send more details, i.e. which file is responsible/or a
link to a commit fixing this? Thanks.

-- 

-Kurt Seifried / Red Hat Security Response Team
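The privilege-escalation argument in the quoted request (a field that a low-privileged user can write, rendered unescaped on an admin-only page, runs script in the administrator's browser session) is worth seeing as code. The following is an added illustration written for this archive page; it is not Serendipity's karma plugin or any code from the thread, the details of the actual 1.6 fix are not on this page, and the roles, field names and payload below are constructed assumptions.

```python
"""
Constructed demo of a backend (admin-only) stored XSS as a privilege-escalation
primitive. Not Serendipity code; roles, the "note" field and the payload are
assumptions made for the illustration.
"""
import html
from dataclasses import dataclass, field


@dataclass
class Backend:
    # roles: "admin" may view the backend listing, "editor" may not,
    # but every account may write its own note-like field (assumed model).
    roles: dict = field(default_factory=dict)
    notes: dict = field(default_factory=dict)

    def set_note(self, user: str, text: str) -> None:
        """Low-privilege write path: the value is stored verbatim."""
        if user not in self.roles:
            raise PermissionError(f"unknown account {user!r}")
        self.notes[user] = text

    def _listing(self, viewer: str, escape: bool) -> str:
        """High-privilege read path: only an admin can reach this page."""
        if self.roles.get(viewer) != "admin":
            raise PermissionError("backend listing is admin-only")
        rows = []
        for owner, text in self.notes.items():
            # The bug class: interpolating user-controlled text into HTML
            # without escaping. The fix is html.escape() at output time.
            shown = html.escape(text, quote=True) if escape else text
            rows.append(f"<tr><td>{html.escape(owner)}</td><td>{shown}</td></tr>")
        return "<table>" + "".join(rows) + "</table>"

    def render_vulnerable(self, viewer: str) -> str:
        return self._listing(viewer, escape=False)

    def render_fixed(self, viewer: str) -> str:
        return self._listing(viewer, escape=True)


def contains_active_script(markup: str) -> bool:
    """Crude check for the demo: did an unescaped <script> tag survive output?"""
    return "<script" in markup.lower()


def demo() -> dict:
    backend = Backend(roles={"alice": "admin", "mallory": "editor"})
    # Constructed payload; in a real attack this would act with the admin's
    # session, e.g. submit a form only the admin is allowed to submit.
    payload = "<script>/* runs in the browser of the admin viewing this */</script>"
    backend.set_note("mallory", payload)          # editor can write it ...

    try:
        backend.render_vulnerable("mallory")       # ... but cannot view the page
        editor_blocked = False
    except PermissionError:
        editor_blocked = True

    vulnerable = backend.render_vulnerable("alice")  # admin views the listing
    fixed = backend.render_fixed("alice")
    return {
        "editor_blocked": editor_blocked,
        "vulnerable_executes": contains_active_script(vulnerable),
        "fixed_executes": contains_active_script(fixed),
        "fixed_markup": fixed,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The asymmetry is the whole point: the write side is reachable by the weaker account, the read side runs only in the stronger account's browser, so the output escaping has to be applied where the backend page is generated, not relied on at input time.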
