Re: CVE Request: Geeklog 1.7.1 <= Cross Site Scripting Vulnerability

[Kurt Seifried <kseifried () redhat com>]

On 03/23/2012 02:56 AM, Henri Salo wrote:
> Original request here: http://seclists.org/oss-sec/2011/q1/547
>
> http://www.geeklog.net/article.php/geeklog-1.7.1sr1
> http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/20a98e6bab20
> http://yehg.net/lab/pr0js/advisories/[geeklog1.7.1]_cross_site_scripting
> http://osvdb.org/show/osvdb/70245
> http://secunia.com/advisories/42775/
>
> This might have been left unassigned because of 'admin/configuration.php', but at least Geeklog thinks this as 
> important security vulnerability. Needs 2010 identifier, thanks.
>
> - Henri Salo

Please use CVE-2011-4942 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)