oss-sec mailing list archives
CVE Request: XSS in smokeping / start and end time fields not filtered
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 20 Jul 2013 09:13:44 +0200
Hi Kurt There is another XSS fix which was done after the 2.6.9 release for smokeping. In [1] Steven Chamberlain pointed out that in 2.6.9 upstrem the "start" and "end" time fields are still not filtered. Tobi Oetiker fixed this in a commit following the 2.6.9 release at [2]. But this version is no yet released. [1] http://bugs.debian.org/659899#67 [2] https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563 Does this also needs a separate CVE, as a subsequent fix to the 2.6.9 release? Regards, Salvatore
Current thread:
- CVE Request: XSS in smokeping / start and end time fields not filtered Salvatore Bonaccorso (Jul 20)
- Re: CVE Request: XSS in smokeping / start and end time fields not filtered Kurt Seifried (Jul 25)