oss-sec mailing list archives
[Notification] CVE-2013-6047: ikiwiki-hosting: XSS in site creation interface
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 26 Oct 2013 01:17:04 +0200
Hi

This is a notification for the following assigned CVE:

CVE-2013-6047: ikiwiki-hosting: XSS in site creation.

The XSS only affects ikiwiki-hosting installations that have a controlsite set up with the makesite plugin enabled.

This vulnerability was found by Gopal Bisht.

XSS fixed in ikiwiki-hosting 0.20131025[1].

 [1] http://packages.qa.debian.org/i/ikiwiki-hosting/news/20131025T224825Z.html

Upstream commits can be found in the upstream git repository:

 git://ikiwiki-hosting.branchable.com/

in commits 83b221799e409b407c60fd246fd883d068775016 and 060f1b7728a0983cc010eacebdb94f0a440d98f1. (attached for this notification).

Regards,
Salvatore

Attachment: 0001-Fix-XSS-in-site-creation-interface.-Thanks-Gopal-Bis.patch
Attachment: 0002-also-need-to-escape-the-HOSTNAME.patch
Attachment: signature.asc
Description: Digital signature