oss-sec mailing list archives
Re: CVE request: lxr
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sat, 31 Jul 2010 16:03:52 +0200
Hi, * Josh Bressers <bressers () redhat com> [2010-05-14 21:48]:
----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:Josh, The XSS in the title string was already assigned CVE-2010-1448. Do you mean to assign issue #2, the XSS reflected in search results?Sigh, yes. So to sum it up: 1. XSS in the ident parameter, as described in CVE-2009-4497. 2. XSS that is reflected via the search results page after issuing This one is now CVE-2010-1625 3. 3. XSS that is reflected via the <title> tag on the search page, as described in Raphael's original e-mail a few days ago, which Josh assigned CVE-2010-1448
CVE-2010-1738 seems to be a dupe of this? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- Re: CVE request: lxr Nico Golde (Jul 31)
- Re: CVE request: lxr Dan Rosenberg (Jul 31)
- Re: CVE request: lxr Steven M. Christey (Aug 20)
- Re: CVE request: lxr Dan Rosenberg (Jul 31)