oss-sec mailing list archives

Re: CVE-2015-6584: XSS in DataTables


From: Kurt Grutzmacher <grutz () jingojango net>
Date: Tue, 15 Sep 2015 16:33:13 +0000

https://github.com/DataTables/DataTables/issues/602 speaks to the XSS in
the unit testing code.

https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d is
the commit.



On Tue, Sep 15, 2015 at 3:57 AM Martin Prpic <mprpic () redhat com> wrote:

Hi,

CVE-2015-6584 was assigned to a cross-site scripting flaw in DataTables:


https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6584

Any pointers on which commit fixes this issue? The advisory linked above
only mentions it was fixed in 1.10.9, but the changelog for that version
does not mention the CVE, or any change that looks like XSS for that
matter.

https://cdn.datatables.net/1.10.9/
https://github.com/DataTables/DataTables/commits/master

Thanks!

--
Martin Prpič / Red Hat Product Security

