oss-sec mailing list archives

Re: [Fwd: Cross-Site Scripting in Banshee DAAP Extension]

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 30 Mar 2009 21:23:22 -0400 (EDT)


======================================================
Name: CVE-2009-1175
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1175
Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=577270

Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in
the DAAP extension in Banshee 1.4.2 allows remote attackers to inject
arbitrary web script or HTML via the server parameter, which is not
properly handled in an error message.

Current thread:

[Fwd: Cross-Site Scripting in Banshee DAAP Extension] Anthony (Mar 30)
- Re: [Fwd: Cross-Site Scripting in Banshee DAAP Extension] Steven M. Christey (Mar 30)