oss-sec mailing list archives
CVE request: Zenphoto admin-news-articles.php date parameter XSS
From: Henri Salo <henri () nerv fi>
Date: Thu, 11 Oct 2012 16:58:44 +0300
Hello, Can we assign 2012 CVE-identifier for issue in Zenphoto zp-core/zp-extensions/zenpage/admin-news-articles.php date parameter XSS, thanks. http://osvdb.org/85899 http://seclists.org/fulldisclosure/2012/Oct/17 http://secunia.com/advisories/50799/ http://scott-herbert.com/blog/2012/10/02/cookie-stealing-and-xss-vulnerable-in-zenphotoversion-1-4-3-2-1130 Not fixed in 1.4.3.3. Will be fixed in next bugfix release beginning of November. Fix in http://www.zenphoto.org/svn/trunk/: foo@bar:~/zenphoto/trunk$ svn diff -r10048:10942 zp-core/zp-extensions/zenpage/admin-news-articles.php Index: zp-core/zp-extensions/zenpage/admin-news-articles.php =================================================================== --- zp-core/zp-extensions/zenpage/admin-news-articles.php (revision 10048) +++ zp-core/zp-extensions/zenpage/admin-news-articles.php (revision 10942) @@ -109,13 +109,13 @@ <h1><?php echo gettext('Articles'); ?> <?php if (isset($_GET['category'])) { - echo "<em>".sanitize($_GET['category']).'</em>'; + echo "<em>".html_encode(sanitize($_GET['category'])).'</em>'; } if (isset($_GET['date'])) { - echo '<em><small> ('.$_GET['date'].')</small></em>'; + $_zp_post_date = sanitize($_GET['date']); + echo '<em><small> ('.html_encode($_zp_post_date).')</small></em>'; // require so the date dropdown is working set_context(ZP_ZENPAGE_NEWS_DATE); - $_zp_post_date = sanitize($_GET['date']); } if(isset($_GET['published'])) { switch ($_GET['published']) { - Henri Salo
Current thread:
- CVE request: Zenphoto admin-news-articles.php date parameter XSS Henri Salo (Oct 11)
- Re: CVE request: Zenphoto admin-news-articles.php date parameter XSS Kurt Seifried (Oct 11)