oss-sec mailing list archives
Re: CVE request: moodle xss in < 1.8.5
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 8 Jul 2008 23:52:21 +0200
Hi Steven, * Steven M. Christey <coley () linus mitre org> [2008-07-08 19:54]:
On Tue, 8 Jul 2008, Hanno [utf-8] Böck wrote:Am Sonntag 06 Juli 2008 schrieb Nico Golde:Hi Hanno, * Hanno Böck <hanno () hboeck de> [2008-07-06 19:04]:http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5 * KSES related XSS security vulnerability fixedThis should be CVE-2008-1502:This looks like a shared codebase relationship, which would usually involve the same CVE. If the issue is really in KSES, then CVE-2008-1502 would need to be updated to reflect that it affects KSES as used in egroupWare, Moodle, and others. Can anyone clarify?
http://cvs.moodle.org/moodle/lib/kses.php?r1=1.3.2.2&r2=1.3.2.3 http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.581.4.10&r2=1.581.4.11 Did you get the vulnerability notes by the initial bug reporter that I forwarded to you + vendor-sec? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE request: moodle xss in < 1.8.5 Hanno Böck (Jul 06)
- Re: CVE request: moodle xss in < 1.8.5 Nico Golde (Jul 06)
- Re: CVE request: moodle xss in < 1.8.5 Hanno Böck (Jul 08)
- Re: CVE request: moodle xss in < 1.8.5 Nico Golde (Jul 08)
- Re: CVE request: moodle xss in < 1.8.5 Steven M. Christey (Jul 08)
- Re: CVE request: moodle xss in < 1.8.5 Nico Golde (Jul 08)
- Re: CVE request: moodle xss in < 1.8.5 Nico Golde (Jul 11)
- Re: CVE request: moodle xss in < 1.8.5 Hanno Böck (Jul 08)
- Re: CVE request: moodle xss in < 1.8.5 Nico Golde (Jul 06)