oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: webcalendar before 1.2.5 XSS

From: Hanno Böck <hanno () hboeck de>
Date: Sat, 28 Apr 2012 11:11:40 +0200
Upstream release notes:
http://sourceforge.net/mailarchive/message.php?msg_id=28915339

 - Fixes for various security vulnerabilities include LFI (local
file inclusion), XSS (cross site scripting) and others.


Further info for the XSS:
http://seclists.org/bugtraq/2012/Jan/128

The local file inclusion here
http://www.naked-security.com/nsa/208799.htm
is said to be CVE-2012-1496, but no info on the CVE database yet.


-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:

Previous By Date Next
Previous By Thread Next

Current thread: