oss-sec mailing list archives
Re: CVE id request: libjs-swfupload
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Jul 2012 12:29:23 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/16/2012 12:17 PM, Nico Golde wrote:
Hi, there is an XSS issue in libjs-swfupload. Can we get a CVE id for this? Details: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
http://code.google.com/p/swfupload/issues/detail?id=376
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681323 Cheers Nico
There also appears to be a CSRF vulnerability. Is there a reason for only mentioning the XSS? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQBF2DAAoJEBYNRVNeJnmT4FQP/1PFGBLf0LGnmcW8owqtxDcl D404TJbfeCReqEkX+jHSpNgo+GvJOh1dHYsEV/epMudPNIfYeWJDZCo8co0JApl/ IfwFZLj9SWuqF2OBK73RzBsKAnvRIaA7MhRS95T6gfA7CSjD1cFHbbzU2sVSIBFc hmK3plOS/WtCjTskQkjrFWuAtMDkw/FxmColCZ7ypYR+A2lN9NFojrJfzc9LyOsV fhnjm2FA0zc/Q2xs/o3FMuB7ZNYPfqAvZ2in1ME0XUHqAvPZ1Z1xi2mb/Ck1gJFQ 6s9o0ZyAPb5tQmsB0tGXeE+maua7JrFYZeTRzgZNukpPzYiNAZPVem0aWGCgXuzb U1yGxEJR0715e7qjFqVC/Gmm+E12bR6nDI0Zw+TEsVMHDJMkvmeNegQ780d8xMRB 1wYo7vPZAvTR65PVP5a2LaJTVY1DE5KDG75ajYO2i4KMLUZ5Sc9RAvyscgiGD9kO 0mtZnjMa8hdqWwCdtwmIHU4hh0D769b/hddbgJyeXSMZaLU8P+7l1015s+jxVfus YSltIEfapkSYjowsG6m3WOIi8JwLrqtWrsGiS5WQfiYFxJ0KYXeMFj058QlQ5Hdx ebVCgOtSoqpyDH6CYo+pFN2hvBcpDzngqvYfE6ujqqSHYogULuSY29H4NF7dUzVp cgrCwk9Z2eGj2tnQwo8u =k/2Y -----END PGP SIGNATURE-----
Current thread:
- CVE id request: libjs-swfupload Nico Golde (Jul 16)
- Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 16)
- Re: CVE id request: libjs-swfupload Nico Golde (Jul 16)
- Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 16)
- Re: CVE id request: libjs-swfupload Nico Golde (Jul 17)
- Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 17)
- Re: CVE id request: libjs-swfupload Nico Golde (Jul 17)
- Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 17)
- Re: CVE id request: libjs-swfupload Nico Golde (Jul 16)
- Re: CVE id request: libjs-swfupload Kurt Seifried (Jul 16)