oss-sec mailing list archives
Re: XSS in CollectiveAccess 1.3 and earlier
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 04 Nov 2013 13:17:31 -0700
On 11/04/2013 11:32 AM, Daniel Kahn Gillmor wrote:
> There was a cross-site scripting (XSS) vulnerability in
> CollectiveAccess, a web-based archive cataloging system written in PHP.
>
> CollectiveAccess 1.3.1 was released including this fix.
>
> http://www.collectiveaccess.org/news/collectiveaccess-version-1-3-1-released/
>
> The issue was reported at:
>
> http://clangers.collectiveaccess.org/jira/browse/PROV-638
>
> (the PROV-638 ticket may not be accessible to the public)
>
> The changeset fixing it is:
>
> https://github.com/collectiveaccess/providence/commit/b54e01419966c8d8f23db532caad91304c977776
>
> Regards,
>
> --dkg

Please use CVE-2013-4507 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993