oss-sec mailing list archives
CVE Request Smarty / php-Smarty: XSS in Smarty exception messages
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 19 Sep 2012 13:43:12 -0400 (EDT)
Hello Kurt, Steve, vendors,

a cross-site scripting (XSS) flaw was found in the way Smarty sanitized exception messages:

[1] http://secunia.com/advisories/50589/
[2] http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt

Upstream patch:
[3] http://code.google.com/p/smarty-php/source/detail?r=4658

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Going through the OSS archive from 2012-09 it doesn't seem this has got a CVE identifier yet (but didn't look to posts from previous months).