oss-sec mailing list archives
Re: CVE request: webcalendar before 1.2.5 XSS
From: Henri Salo <henri () nerv fi>
Date: Sat, 28 Apr 2012 15:26:33 +0300
On Sat, Apr 28, 2012 at 11:11:40AM +0200, Hanno Böck wrote:
> Upstream release notes:
> http://sourceforge.net/mailarchive/message.php?msg_id=28915339
> - Fixes for various security vulnerabilities include LFI (local file
>   inclusion), XSS (cross site scripting) and others.
>
> Further info for the XSS:
> http://seclists.org/bugtraq/2012/Jan/128
>
> The local file inclusion here
> http://www.naked-security.com/nsa/208799.htm
> is said to be CVE-2012-1496, but no info on the CVE database yet.
>
> --
> Hanno Böck
> mail/jabber: hanno () hboeck de
> GPG: BBB51E42
> http://www.hboeck.de/

These might be related (at least the second one):

http://osvdb.org/show/osvdb/81329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1495
http://osvdb.org/show/osvdb/81330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1496

I can request more details from the vendor and email Mitre so we get those CVEs updated.

- Henri Salo