oss-sec mailing list archives
Re: CVE request: serendipity before 1.6 backend XSS in karma plugin
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 28 Oct 2011 09:04:43 -0600
On 10/28/2011 02:02 AM, Hanno Böck wrote:
http://blog.s9y.org/archives/233-Serendipity-1.6-released.html "Fixes a backend XSS issue in the karma plugin and media database filtering, thanks to Stefan Schurtz!" If anyone asks: Backend XSS are a security issue in multiuser webapps; one less privileged user can use them to gain more privilege. Please assign CVE.
Can you please send more details, i.e. which file is responsible/or a link to a commit fixing this? Thanks.

--
-Kurt Seifried / Red Hat Security Response Team