oss-sec mailing list archives

[Notification] CVE-2013-6047: ikiwiki-hosting: XSS in site creation interface


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 26 Oct 2013 01:17:04 +0200

Hi

This is a notification for the following assigned CVE:

CVE-2013-6047: ikiwiki-hosting: XSS in site creation.

The XSS only affects ikiwiki-hosting installations
that have a controlsite set up with the makesite plugin enabled. This
vulnerability was found by Gopal Bisht.

XSS fixed in ikiwiki-hosting 0.20131025[1].

 [1] http://packages.qa.debian.org/i/ikiwiki-hosting/news/20131025T224825Z.html

Upstream commits can be found in the upstream git repository:

git://ikiwiki-hosting.branchable.com/

in commits 83b221799e409b407c60fd246fd883d068775016 and
060f1b7728a0983cc010eacebdb94f0a440d98f1.

(attached for this notification).

Regards,
Salvatore

Attachment: 0001-Fix-XSS-in-site-creation-interface.-Thanks-Gopal-Bis.patch

Attachment: 0002-also-need-to-escape-the-HOSTNAME.patch
