Date: Wed, 19 Sep 2012 13:43:12 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages

Hello Kurt, Steve, vendors,

  a cross-site scripting (XSS) flaw was found in the way Smarty sanitized
exception messages:
  http://secunia.com/advisories/50589/
  http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt

Upstream patch:
  http://code.google.com/p/smarty-php/source/detail?r=4658

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Going through the OSS archive from 2012-09 it doesn't seem this has got
a CVE identifier yet (but didn't look to posts from previous months).