oss-sec mailing list archives
CVE request: webcalendar before 1.2.7
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 22 Jul 2013 11:21:25 +0200
Hello,

Can I please have three CVEs for webcalendar?

http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.7/

- Security fix: Do not show the reason for a failed login (i.e. "no such user")
- Security fix: Escape HTML characters in category name.
- Security fix: Check all passed in fields (either via HTML form or via URL parameter) for certain malicious tags (script, embed, etc.) and generate fatal error if found.

I'm not sure if the first is really considered CVE-relevant.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
Current thread:
- CVE request: webcalendar before 1.2.7 Hanno Böck (Jul 22)
- Re: CVE request: webcalendar before 1.2.7 Kurt Seifried (Jul 22)
- <Possible follow-ups>
- Re: CVE request: webcalendar before 1.2.7 security curmudgeon (Jul 22)
- Re: Re: CVE request: webcalendar before 1.2.7 Kurt Seifried (Jul 25)