oss-sec mailing list archives

CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input

From: Reed Loden <reed () reedloden com>
Date: Wed, 10 Mar 2010 16:34:18 -0600

Just received an announcement stating ViewVC 1.1.4 and 1.0.10 were
released today. Looks like they fix an XSS that needs a CVE assigned.

"security fix: escape user-provided query form input to avoid XSS
attack"

http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313&r2=2342&pathrev=HEAD

Here's the patch for the XSS:
http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2326

* lib/viewvc.py
  (view_queryform): Escape user-provided input before passing it
    directly off to the templates.  Can you say "XSS attack vector"?

~reed

-- 
Reed Loden - <reed () reedloden com>

Attachment: _bin
Description:

Current thread:

CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input Reed Loden (Mar 10)
- Re: CVE Request: ViewVC 1.1.4 / 1.0.10 -- XSS via user-provided query form input Vincent Danen (Mar 16)