oss-sec mailing list archives

CVE request: serendipity before 1.6 backend XSS in karma plugin


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 28 Oct 2011 10:02:25 +0200

http://blog.s9y.org/archives/233-Serendipity-1.6-released.html

"Fixes a backend XSS issue in the karma plugin and media database
filtering, thanks to Stefan Schurtz!"

If anyone asks: Backend XSS are a security issue in multiuser webapps;
one less privileged user can use them to gain more privilege.

Please assign CVE.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/
