oss-sec mailing list archives

Re: CVE request: moin multiple XSS


From: Josh Bressers <bressers () redhat com>
Date: Fri, 2 Jul 2010 14:53:19 -0400 (EDT)

----- "Raphael Geissert" <geissert () debian org> wrote:

> Hi,
>
> Multiple XSS vulnerabilities have been reported in moin.
>
> References:
> http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
> http://bugs.debian.org/584809
>
> Could a CVE be assigned?
>
> Note that the original bug report only covered PageEditor.py, while
> upstream fixed multiple others at the same time. Not sure if you want to
> assign two different ids.


I'm going to go with one ID, as they were all fixed at the same time.
CVE-2010-2487

From what I can tell, the extra fixes are mentioned at the end of the moin
advisory, which is enough for me.

Thanks.

-- 
    JB

