oss-sec mailing list archives

Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper

From: cve-assign () mitre org
Date: Thu, 12 Feb 2015 11:34:44 -0500 (EST)

Can a CVE please be assigned to the following issue:

FlexPaper Flash viewer Reflected XSS and Content Spoofing via Swfile
parameter in FlexPaperViewer.swf file.

Fixed via FlexPaper 2.3.1 Release.

References:
http://blog.flexpaper.org/post/105984224083/flexpaper-2-3-1-release-notes
https://code.google.com/p/flexpaper/
http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/
http://www.pcworld.com/article/2862812/flaw-in-opensource-pdf-viewer-could-put-wikileaks-users-others-at-risk.html


CVE-2014-9677 - XSS

CVE-2014-9678 - content spoofing

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso (Jan 06)
- Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper Francisco Alonso (Jan 17)
- Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper cve-assign (Feb 12)