Date: Mon, 11 Oct 2010 15:18:44 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: joomla before 1.5.21 XSS Please use CVE-2010-3712 for this. Thanks. -- JB ----- "Hanno Böck" <hanno@...eck.de> wrote: > http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss- > vulnerabilities > > >  - Core - XSS Vulnerabilities > > * Project: Joomla! > * SubProject: All > * Severity: Medium > * Versions: 1.5.20 and all previous 1.5 releases > * Exploit type: XSS Injection > * Reported Date: 2010-October-05 > * Fixed Date: 2010-October-08 > > Description > > Inadequate filtering of multiple encoded entities permits XSS attacks > in some > circumstances. > Affected Installs > > All 1.5.x installs prior to and including 1.5.20 are affected. > -- > Hanno Böck Blog: http://www.hboeck.de/ > GPG: 3DBD3B20 Jabber/Mail: hanno@...eck.de > > http://schokokeks.org - professional webhosting
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ