oss-sec mailing list archives

Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 27 Feb 2012 13:48:25 -0700

On 02/27/2012 09:13 AM, Mateusz Goik wrote:
Sorry. Tested on kadu 0.11.0.

Mateusz Goik.

On 02/27/2012 05:11 PM, Mateusz Goik wrote:
Hi,

I would add that it is possible to read / create files on the user's HDD
(using the methods GET / PUT).
Tested on Backtrack 5 r1 (kadu 0.10.0 - compiled from source).

Mateusz Goik

Can you post a summary of the vulnerabilities and the affected
version(s)? I'm sort of confused on this.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

