oss-sec mailing list archives

Re: CVE id request: libjs-swfupload


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Jul 2012 12:29:23 -0600

On 07/16/2012 12:17 PM, Nico Golde wrote:
> Hi, there is an XSS issue in libjs-swfupload. Can we get a CVE id
> for this?
>
> Details:
> https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
> http://code.google.com/p/swfupload/issues/detail?id=376
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681323
>
> Cheers Nico


There also appears to be a CSRF vulnerability. Is there a reason for
only mentioning the XSS?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993




