oss-sec mailing list archives
Re: CVE Request - XXS in phpMyID (openid_error)
From: cve-assign () mitre org
Date: Fri, 18 Apr 2014 15:08:02 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
There is a XXS vulnerability in phpMyID v0.9 /MyID.config.php?openid.mode=error&openid_error=[XSS] Here is the code at fault: MyID.php Project Page: http://siege.org/phpmyid Code: https://www.siege.org/oss/phpMyID/trunk/MyID.php The author has stated that the project is no longer maintained
Use CVE-2014-2890. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTUXeZAAoJEKllVAevmvmsTqUH/0lj63Sm9zLIwh4tfTh7kqW0 95p3b2lMyPIPaDWTxeaXkth30vJ7CHrfHMSKg5rgN2Un1KzKQ91YYT77X63hn/fZ 1r6N8OOVAdqgDi2T0GzLO6i0flomBwyLhjeSyUSdCXDHWo2UCOKJjwXuCR85eOAq 2raBampv/yoWr/bgQ5FLmWS2ksqF5+Dcr0DqyF05H/uvMgzudB093id9S+buHuTT Yc7+bds48Ep4HTt3wRfAt9wHOAkIMV1yuesJ+SuUWo4rx2Y/QPA+PJ9VpyycgIBL PdWJ+UzoED3Rdiah/jOPwOfLoaWqwZnhkDKhNvFPt1byxG6GJBlj88MJbFjK634= =Uo8b -----END PGP SIGNATURE-----
Current thread:
- CVE Request - XXS in phpMyID (openid_error) Adam Caudill (Apr 16)
- Re: CVE Request - XXS in phpMyID (openid_error) cve-assign (Apr 18)