oss-sec mailing list archives

Re: CVE request: webcalendar before 1.2.5 XSS


From: Henri Salo <henri () nerv fi>
Date: Mon, 30 Apr 2012 10:17:21 +0300

On Sat, Apr 28, 2012 at 11:11:40AM +0200, Hanno Böck wrote:
> Upstream release notes:
> http://sourceforge.net/mailarchive/message.php?msg_id=28915339
>
>  - Fixes for various security vulnerabilities include LFI (local
> file inclusion), XSS (cross site scripting) and others.
>
> Further info for the XSS:
> http://seclists.org/bugtraq/2012/Jan/128
>
> The local file inclusion here
> http://www.naked-security.com/nsa/208799.htm
> is said to be CVE-2012-1496, but no info on the CVE database yet.
>
> -- 
> Hanno Böck            mail/jabber: hanno () hboeck de
> GPG: BBB51E42         http://www.hboeck.de/

The CVE identifier for the XSS announced here http://seclists.org/bugtraq/2012/Jan/128 was requested here
http://seclists.org/oss-sec/2012/q1/416 which got CVE-2012-0846.

What other vulnerabilities are there in WebCalendar before 1.2.5?

- Henri Salo

