Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 May 2010 15:40:10 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE request: lxr

----- "Dan Rosenberg" <> wrote:

> Josh,
> The XSS in the title string was already assigned CVE-2010-1448.  Do
> you mean to assign issue #2, the XSS reflected in search results?

Sigh, yes.

So to sum it up:

1.  XSS in the ident parameter, as described in CVE-2009-4497.

2.  XSS that is reflected via the search results page after issuing
This one is now CVE-2010-1625

3. 3.  XSS that is reflected via the <title> tag on the search page, as
described in Raphael's original e-mail a few days ago, which Josh assigned



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ