oss-sec mailing list archives
Cross-site scripting flaw in AskBot
From: Martin Prpic <mprpic () redhat com>
Date: Thu, 14 May 2015 14:56:40 +0200
Hi, It was reported to us that certain versions of AskBot are vulnerable to a cross-site scripting flaw. It is unclear which version fixed this flaw and what the actual patch was. Red Hat assigned CVE-2015-3169 to this flaw; Red Hat bug is filed at: https://bugzilla.redhat.com/show_bug.cgi?id=1221616 If anyone wants to dig through https://github.com/ASKBOT/askbot-devel and find the root cause and the patch, please post your findings here. Thanks! -- Martin Prpič / Red Hat Product Security
Current thread:
- Cross-site scripting flaw in AskBot Martin Prpic (May 14)