Re: CVE request: XSS flaw fixed in dokuwiki 2014-09-29b

[Martin Prpic <mprpic () redhat com>]

Martin Prpic writes:

> Hi, can a CVE please be assigned to the following issue:
>
> Release 2014-09-29b "Hrun":
>  Security Hotfix 2014-09-29b: prevents XSS attack via SWF uploads
>
> I'm assuming this was fixed via: 
> https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960
>
> Thank you!

Apparently this already has a CVE assigned: CVE-2014-9253

Here is an advisory from the original reporter: http://security.szurek.pl/dokuwiki-20140929a-xss.html

Thanks,

-- 
Martin Prpič / Red Hat Product Security