oss-sec mailing list archives
Re: CVE request: XSS in roundcube before 1.1.0
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 29 Mar 2015 19:43:57 +0200
Hi Hanno, On Sun, Mar 29, 2015 at 11:52:06AM +0200, Hanno Böck wrote:
http://trac.roundcube.net/wiki/Changelog Fix XSS issue in style attribute handling (#1490227) Upstream Bug: http://trac.roundcube.net/ticket/1490227 Commit: http://trac.roundcube.net/changeset/786aa0725/github It was not mentioned in the release notes...
This seem to have already a CVE: CVE-2015-1433, from http://www.openwall.com/lists/oss-security/2015/01/31/6 Regards, Salvatore
Current thread:
- CVE request: XSS in roundcube before 1.1.0 Hanno Böck (Mar 29)
- Re: CVE request: XSS in roundcube before 1.1.0 Salvatore Bonaccorso (Mar 29)