oss-sec mailing list archives
CVE Request -- Plone -- arbitrary HTML code injection in safe_html
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 21 Jun 2010 21:48:04 +0200
Hi Steve, vendors, Plone upstream has released hotfix: [1] http://plone.org/products/plone/security/advisories/cve-2010-unassigned-html-injection-in-safe_html fixing (previous) ability to inject arbitrary HTML code in safe_html by content author. References: [2] http://secunia.com/advisories/40270/ Could you allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Plone -- arbitrary HTML code injection in safe_html Jan Lieskovsky (Jun 21)
- Re: CVE Request -- Plone -- arbitrary HTML code injection in safe_html Matthew Wilkes (Jun 22)
- Re: Re: CVE Request -- Plone -- arbitrary HTML code injection in safe_html Steven M. Christey (Jun 22)
- Re: CVE Request -- Plone -- arbitrary HTML code injection in safe_html Matthew Wilkes (Jun 22)