Date: Wed, 19 Sep 2012 13:43:12 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages

Hello Kurt, Steve, vendors,

  a cross-site scripting (XSS) flaw was found in the way Smarty
sanitized exception messages:
[1] http://secunia.com/advisories/50589/
[2] http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt

Upstream patch:
[3] http://code.google.com/p/smarty-php/source/detail?r=4658

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Going through the OSS archive from 2012-09, it doesn't seem
      this has got a CVE identifier yet (but I didn't look at posts
      from previous months).
