oss-sec mailing list archives
Re: CVE request: XSS vulns in Dotclear v2.9.1
From: cve-assign () mitre org
Date: Tue, 2 Aug 2016 19:50:00 -0400 (EDT)
> I found some XSS vulns in Dotclear v2.9.1
>
> There are two reflected XSS vulns in Dotclear v2.9.1 media manager
>
> /admin/media.php
>
> line 34
> $link_type = !empty($_REQUEST['link_type']) ? $_REQUEST['link_type'] : null;
>
> line 62
> $q = isset($_REQUEST['q']) ? $_REQUEST['q'] : null;
>
> /dotclear/admin/media.php?q=[XSS]
> /dotclear/admin/media.php?link_type=[XSS]
>
> Fix Code:
> https://hg.dotclear.org/dotclear/rev/40d0207e520d

Use CVE-2016-6523 for both of these issues.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE request: XSS vulns in Dotclear v2.9.1 陈瑞琦 (Aug 01)
- Re: CVE request: XSS vulns in Dotclear v2.9.1 cve-assign (Aug 02)