oss-sec mailing list archives
Re: CVE request: webcalendar before 1.2.5 XSS
From: Henri Salo <henri () nerv fi>
Date: Mon, 30 Apr 2012 10:17:21 +0300
On Sat, Apr 28, 2012 at 11:11:40AM +0200, Hanno Böck wrote:
Upstream release notes: http://sourceforge.net/mailarchive/message.php?msg_id=28915339 - Fixes for various security vulnerabilities include LFI (local file inclusion), XSS (cross site scripting) and others. Further info for the XSS: http://seclists.org/bugtraq/2012/Jan/128 The local file inclusion here http://www.naked-security.com/nsa/208799.htm is said to be CVE-2012-1496, but no info on the CVE database yet. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
CVE-identifier for XSS announced in here http://seclists.org/bugtraq/2012/Jan/128 has been requested in here http://seclists.org/oss-sec/2012/q1/416 which got CVE-2012-0846. What other vulnerabilities there is in WebCalendar before 1.2.5? - Henri Salo
Current thread:
- CVE request: webcalendar before 1.2.5 XSS Hanno Böck (Apr 28)
- Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 28)
- Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 30)