oss-sec mailing list archives
Re: CVE request: crowbar XSS
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 30 Aug 2012 22:32:59 -0600
On 08/30/2012 06:15 AM, Thomas Biege wrote:
> Hi,
>
> Matthias Weckbecker of SUSE Linux Products GmbH has found the following
> issue in crowbar:
>
> http://crowbar.test.de:3000/utils?waiting=true&file=foo'%3B})%3B}alert(document.cookie)</script><!--
>
> https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48
> https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629
>
> Cheers,
> Thomas

Please use CVE-2012-3551 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993