Date: Wed, 19 Sep 2012 13:43:12 -0400 (EDT)
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
Subject: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages

Hello Kurt, Steve, vendors,

  a cross-site scripting (XSS) flaw was found in the way Smarty
sanitized exception messages:

Upstream patch:

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Going through the OSS archive from 2012-09 it doesn't seem
      this has got a CVE identifier yet (but didn't look to posts
      from previous months).
