oss-sec mailing list archives
CVE Request -- cGit -- XSS flaw in rename hint
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 22 Jul 2011 18:48:38 +0200
Hello Josh, Steve, vendors, an cross-site scripting (XSS) flaw was found in the way cgit, a fast web interface for Git, displayed the file name in the rename hint. A remote attacker could provide a specially-crafted web page, which once visited by an authenticated Cgit user, with push access to the repository, would lead to arbitrary web script or HTML code execution. References: [1] http://hjemli.net/pipermail/cgit/2011-July/000276.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=725042 Could you allocate a CVE id for this? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 22)
- Re: CVE Request -- cGit -- XSS flaw in rename hint Josh Bressers (Jul 22)
- Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 22)
- Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 24)
- Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Lukas Fleischer (Jul 24)
- Re: Re: CVE Request -- cGit -- XSS flaw in rename hint Jan Lieskovsky (Jul 24)