oss-sec mailing list archives
CVE request: SKS non-persistent XSS
From: Kristian Fiskerstrand <kristian.fiskerstrand () sumptuouscapital com>
Date: Thu, 01 May 2014 22:58:04 +0200
Hi,

A non-persistent client-side cross-site scripting attack was reported against SKS[0] resulting from improper input sanitation before writing to a client. The issue has been fixed in the development trunk[1] for inclusion in an upcoming 1.1.5 release.

Initial report and findings: https://bugzilla.mozilla.org/show_bug.cgi?id=952077 by Haris (whitehat () hotmail rs)

References:
[0] https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
[1] https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/30/issue26-fix-a-non-persistent-cross-site

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nomina stultorum scribuntur ubique locorum
Fools have the habit of writing their names everywhere