oss-sec mailing list archives
CVE request: spip: cross-site scripting vulnerability
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 20 Jan 2014 16:08:46 +0100
Hi I would like to request a CVE for the following cross-site scripting vulnerability in spip: authors could inject code via their name, which is displayed in the signature of their articles and author page. Upstream fixed this issue in 3.0.13[1,2,3] and also for the 2.1 branch in [4,5]. [1] http://www.spip.net/fr_article5648.html [2] http://core.spip.org/projects/spip/repository/revisions/20902 [3] http://zone.spip.org/trac/spip-zone/changeset/77768 [4] http://core.spip.org/projects/spip/repository/revisions/20972 [5] http://www.spip.net/fr_article5665.html Could a CVE be assigned for this issue? (unfortunately the changes entries are only in french) Regards, Salvatore
Current thread:
- CVE request: spip: cross-site scripting vulnerability Salvatore Bonaccorso (Jan 20)
- Re: CVE request: spip: cross-site scripting vulnerability cve-assign (Jan 20)