oss-sec mailing list archives
XSS in CollectiveAccess 1.3 and earlier
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Mon, 04 Nov 2013 13:32:42 -0500
There was a cross-site scripting (XSS) vulnerability in CollectiveAccess, a web-based archive cataloging system written in PHP.
CollectiveAccess 1.3.1 was released including this fix.

http://www.collectiveaccess.org/news/collectiveaccess-version-1-3-1-released/

The issue was reported at:

http://clangers.collectiveaccess.org/jira/browse/PROV-638

(the PROV-638 ticket may not be accessible to the public)

The changeset fixing it is:

https://github.com/collectiveaccess/providence/commit/b54e01419966c8d8f23db532caad91304c977776

Regards,

--dkg