oss-sec mailing list archives

Cross-site scripting flaw in AskBot


From: Martin Prpic <mprpic () redhat com>
Date: Thu, 14 May 2015 14:56:40 +0200

Hi,

It was reported to us that certain versions of AskBot are vulnerable to
a cross-site scripting flaw. It is unclear which version fixed this flaw
and what the actual patch was.

Red Hat assigned CVE-2015-3169 to this flaw; Red Hat bug is filed at:

https://bugzilla.redhat.com/show_bug.cgi?id=1221616

If anyone wants to dig through https://github.com/ASKBOT/askbot-devel
and find the root cause and the patch, please post your findings here.

Thanks!

-- 
Martin Prpič / Red Hat Product Security

