oss-sec mailing list archives
Re: CVE request: moin multiple XSS
From: Josh Bressers <bressers () redhat com>
Date: Fri, 2 Jul 2010 14:53:19 -0400 (EDT)
----- "Raphael Geissert" <geissert () debian org> wrote:
Hi, Multiple XSS vulnerabilities have been reported in moin. References: http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg http://bugs.debian.org/584809 Could a CVE be assigned? Note that the original bug report only covered PageEditor.py, while upstream fixed multiple others at the same time. Not sure if you want to assign two different ids.
I'm going to go with one ID, as they were all fixed at the same time. CVE-2010-2487
From what I can tell, the extra fixes are mentioned at the end of the moin
advisory, which is enough for me. Thanks. -- JB
Current thread:
- CVE request: moin multiple XSS Raphael Geissert (Jul 01)
- Re: CVE request: moin multiple XSS Josh Bressers (Jul 02)