oss-sec mailing list archives
CVE request: webcalendar before 1.2.5 XSS
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 28 Apr 2012 11:11:40 +0200
Upstream release notes: http://sourceforge.net/mailarchive/message.php?msg_id=28915339 - Fixes for various security vulnerabilities include LFI (local file inclusion), XSS (cross site scripting) and others. Further info for the XSS: http://seclists.org/bugtraq/2012/Jan/128 The local file inclusion here http://www.naked-security.com/nsa/208799.htm is said to be CVE-2012-1496, but no info on the CVE database yet. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- CVE request: webcalendar before 1.2.5 XSS Hanno Böck (Apr 28)
- Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 28)
- Re: CVE request: webcalendar before 1.2.5 XSS Henri Salo (Apr 30)