Date: Sun, 27 Apr 2008 12:59:45 +0100
From: Matt Fleming <mattjfleming@...glemail.com>
To: coley@...us.mitre.org
Subject: CVE request: horde-kronolith-2.1.7 XSS in addevent.php

Hi guys,

kronolith-2.1.7 is vulnerable to a cross-site scripting attack because
input passed to the "url" parameter in the file addevent.php is not
properly sanitized.

Can you please assign a CVE id?

http://forum.aria-security.com/showthread.php?t=49
https://bugs.gentoo.org/show_bug.cgi?id=219304
http://secunia.com/advisories/29920/

Thanks,
Matt
