oss-sec mailing list archives

Re: CVE Request: ViewVC 1.1.5 / 1.0.11 -- XSS via user-provided 'search_re' input


From: Secunia Research <vuln () secunia com>
Date: Tue, 30 Mar 2010 13:21:47 +0200

Hi,

This vulnerability was discovered by Secunia and we have already
reserved CVE-2010-0132 for it. Please see SA38918 [1] for more
information.

[1] http://secunia.com/advisories/38918/

Thanks and kind regards,

On Mon, 2010-03-29 at 17:52 -0500, Reed Loden wrote:
> Just received an announcement stating ViewVC 1.1.5 and 1.0.11 were
> released today (right on the heels of 1.1.4 and 1.0.10, for which I
> still haven't received a CVE). Looks like they fix an XSS that needs
> a CVE assigned.

-- 
Stefan Cornelius
Security Specialist

Secunia 
Weidekampsgade 14 A
DK-2300 Copenhagen S
Denmark

Phone  +45 7020 5144
Fax    +45 7020 5145

