oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: lxr

From: Josh Bressers <bressers () redhat com>
Date: Fri, 14 May 2010 15:40:10 -0400 (EDT)

----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:


Josh,

The XSS in the title string was already assigned CVE-2010-1448.  Do
you mean to assign issue #2, the XSS reflected in search results?



Sigh, yes.

So to sum it up:

1.  XSS in the ident parameter, as described in CVE-2009-4497.

2.  XSS that is reflected via the search results page after issuing
This one is now CVE-2010-1625

3. 3.  XSS that is reflected via the <title> tag on the search page, as
described in Raphael's original e-mail a few days ago, which Josh assigned
CVE-2010-1448

Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: