oss-sec mailing list archives

Request 2 CVE-IDs for Zeus Voting System

From: DaKnOb <daknob.mac () gmail com>
Date: Wed, 13 May 2015 19:09:49 +0300

Zeus (https://github.com/grnet/zeus) is a fork of Helios that is actively developed by GRNET (http://www.grnet.gr/) and 
is considered to be used in Greek Elections (starts with small and rolls out to larger elections). 

Two XSS vulnerabilities that allow JavaScript Execution have been found, one of which has a PoC running JavaScript / 
Modifying HTML in the voter’s browser during the voting process.

XSS #1 - https://github.com/grnet/zeus/issues/28
XSS #2 - https://github.com/grnet/zeus/issues/29

Thank you,
Antonios A. Chariton

Current thread:

Request 2 CVE-IDs for Zeus Voting System DaKnOb (May 13)
- Message not available
  - Re: Request 2 CVE-IDs for Zeus Voting System DaKnOb (May 14)
- Re: Request 2 CVE-IDs for Zeus Voting System DaKnOb (May 14)