oss-sec mailing list archives

CVE Request for XSS vulnerability in Ushahidi Web


From: Robbie Mackay <robbie () ushahidi com>
Date: Wed, 24 Apr 2013 10:04:35 +1200


Hi,

Robb Driscoll (ohrodr) has reported an exploitable XSS bug with report
descriptions in Ushahidi_Web (https://github.com/ushahidi/Ushahidi_Web).

Original bug report https://github.com/ushahidi/Ushahidi_Web/issues/1009

This will be fixed in the next release Ushahidi 2.7, along with other
general XSS issues. We've done a general overhaul of our XSS
protection and https://github.com/ushahidi/Ushahidi_Web/pull/1056

Would a CVE normally be assigned just for the specific issue, or for
the general fixes to XSS protection as well?

Regards,
Robbie Mackay

Software Developer, External Projects
Ushahidi Inc
e: robbie () ushahidi com
skype: robbie.mackay

