oss-sec mailing list archives

CVE Request Smarty / php-Smarty: XSS in Smarty exception messages


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 19 Sep 2012 13:43:12 -0400 (EDT)

Hello Kurt, Steve, vendors,

  a cross-site scripting (XSS) flaw was found in the way Smarty
sanitized exception messages:
[1] http://secunia.com/advisories/50589/
[2] http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt

Upstream patch:
[3] http://code.google.com/p/smarty-php/source/detail?r=4658

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Going through the OSS archive from 2012-09 it doesn't seem
      this has got a CVE identifier yet (but didn't look at posts
      from previous months).

