oss-sec mailing list archives

CVE request: spip: cross-site scripting vulnerability


From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 20 Jan 2014 16:08:46 +0100

Hi

I would like to request a CVE for the following cross-site scripting
vulnerability in spip: authors could inject code via their name, which
is displayed in the signature of their articles and author page.

Upstream fixed this issue in 3.0.13[1,2,3] and also for the 2.1 branch
in [4,5].

 [1] http://www.spip.net/fr_article5648.html
 [2] http://core.spip.org/projects/spip/repository/revisions/20902
 [3] http://zone.spip.org/trac/spip-zone/changeset/77768
 [4] http://core.spip.org/projects/spip/repository/revisions/20972
 [5] http://www.spip.net/fr_article5665.html

Could a CVE be assigned for this issue? (unfortunately the changes
entries are only in French)

Regards,
Salvatore

