oss-sec mailing list archives

CVE id request: ikiwiki

From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 17 Mar 2010 15:40:50 +0100

Hi,
"javascript insertion via svg uris

Ivan Shmakov pointed out that the htmlscrubber allowed data:image/* urls, 
including data:image/svg+xml. But svg can contain javascript, so that is 
unsafe."
http://ikiwiki.info/security/#index30h2

Can someone please assign a CVE id to this?

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

CVE id request: ikiwiki Nico Golde (Mar 17)
- Re: CVE id request: ikiwiki Steven M. Christey (Mar 30)