oss-sec mailing list archives

CVE Request -- Plone -- arbitrary HTML code injection in safe_html


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 21 Jun 2010 21:48:04 +0200

Hi Steve, vendors,

  Plone upstream has released a hotfix:
    [1] http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html

fixing the (previous) ability to inject arbitrary HTML code in safe_html by a content
author.

References:
  [2] http://secunia.com/advisories/40270/

Could you allocate a CVE id for this?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

