Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Feb 2012 18:41:35 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE-request: Webcalendar 1.2.4 location XSS

This seems to be missing 2012 CVE.

Original report: http://seclists.org/bugtraq/2012/Jan/128
Project page: https://sourceforge.net/projects/webcalendar/
Version affected: 1.2.4 (the newest)
Variable: location (stored)
Reported to developer without response: https://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870

I can validate this if needed.

- Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ