oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: XSS in nusoap

From: Raphael Geissert <geissert () debian org>
Date: Fri, 03 Sep 2010 15:13:50 -0500
Hi,

A XSS vulnerability has been reported against the nusoap PHP library caused 
by insufficient sanitation of untrusted data ($_SERVER['PHP_SELF']) -- 
CWE-79.

Original report against mantisbt:
http://www.mantisbt.org/bugs/view.php?id=12312

Report against nusoap (and further references):
http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005

The fixes proposed by David Hicks[1] (from mantisbt) add escaping to some 
other variables, but I haven't verified if they are actually exploitable (if 
that's so, the patch might need to pass the charset to htmlentities too.)

[1]http://git.mantisbt.org/?p=mantisbt.git;a=commit;h=edb817991b99cd5538f102be26865fde7c6b7212

Could a CVE id be assigned?

Thanks,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Previous By Date Next
Previous By Thread Next

Current thread: