oss-sec mailing list archives

CVE Request: Dotclear: XSS vulnerability in comments managment page and media exclusion control enforcement

From: Salvatore Bonaccorso <carnil () debian org>
Date: Sat, 5 Mar 2016 14:48:42 +0100

Hi

Dotclear, a web publishing software, fixed a cross-site scripting
vulnerability in 2.8.2. Additionally the media exlusion control in the
media manager was furhter enforced:

https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2

The XSS vulnerability was fixed with 

https://hg.dotclear.org/dotclear/rev/65e65154dadf

The second mentioned issue was addressed with

https://hg.dotclear.org/dotclear/rev/198580bc3d80

Could you assign CVEs for those?

Regards,
Salvatore

Current thread:

CVE Request: Dotclear: XSS vulnerability in comments managment page and media exclusion control enforcement Salvatore Bonaccorso (Mar 05)
- Re: CVE Request: Dotclear: XSS vulnerability in comments managment page and media exclusion control enforcement cve-assign (Mar 06)