oss-sec mailing list archives
Re: CVE-request: Webcalendar 1.2.4 location XSS
From: Henri Salo <henri () nerv fi>
Date: Sun, 12 Feb 2012 10:17:46 +0200
On Sat, Feb 11, 2012 at 11:04:19PM -0500, Eitan Adler wrote:
On Sat, Feb 11, 2012 at 11:41 AM, Henri Salo <henri () nerv fi> wrote:This seems to be missing 2012 CVE. Original report: http://seclists.org/bugtraq/2012/Jan/128 Project page: https://sourceforge.net/projects/webcalendar/ Version affected: 1.2.4 (the newest)So far as I could see the newest version is 1.2.3 (http://sourceforge.net/projects/webcalendar/?source=directory and http://www.k5n.us/webcalendar.php?topic=News don't list 1.2.4)
Page http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/ lists 1.2.4 version. I have no idea why the other page doesn't list it at all. No reply to bug-report: http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870 and only thing I found strange in the report is "Version: 1.2.5" as there isn't such available. I can verify this advisory if you want. - Henri Salo
Current thread:
- CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 11)
- Re: CVE-request: Webcalendar 1.2.4 location XSS Eitan Adler (Feb 11)
- Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
- Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
- Re: CVE-request: Webcalendar 1.2.4 location XSS Kurt Seifried (Feb 13)
- Re: CVE-request: Webcalendar 1.2.4 location XSS Henri Salo (Feb 12)
- Re: CVE-request: Webcalendar 1.2.4 location XSS Eitan Adler (Feb 11)