oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper

From: Francisco Alonso <rs () revskills cz>
Date: Sat, 17 Jan 2015 12:15:41 +0100
Hi,

Any update about this?

On Tue, Jan 6, 2015 at 9:45 PM, Francisco Alonso <rs () revskills cz> wrote:


Hello,

Can a CVE please be assigned to the following issue:

FlexPaper Flash viewer Reflected XSS and Content Spoofing via Swfile
parameter in FlexPaperViewer.swf file.

Fixed via FlexPaper 2.3.1 Release.

References:
http://blog.flexpaper.org/post/105984224083/flexpaper-2-3-1-release-notes
https://code.google.com/p/flexpaper/
http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/

http://www.pcworld.com/article/2862812/flaw-in-opensource-pdf-viewer-could-put-wikileaks-users-others-at-risk.html

Thanks,





-- 

Francisco Alonso.
http://twitter.com/revskills
PGP: 0xE2E64DCA
--
Previous By Date Next
Previous By Thread Next

Current thread: