Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 3 Aug 2010 01:15:23 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: Attachment XSS in mantis < 1.2.2

http://www.mantisbt.org/bugs/view.php?id=11952
http://www.mantisbt.org/blog/?p=113

Issue #11952 covers a security fix to the display of inline attachments, where 
“Arbitrary inline attachment rendering could lead to cross-domain scripting or 
other browser attacks”.

-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de

http://schokokeks.org - professional webhosting

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ