Date: Tue, 16 Apr 2013 03:10:40 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for XSS in EasyPHPCalender script

On 04/12/2013 05:47 PM, Anant Shrivastava wrote:
> Hi Team,
> 
> Can I please have a CVE for these issues?
> 
> http://www.easyphpcalendar.com/forums/showthread.php?p=45554#post45554
>
> Technical details are not issued; however, the two issues
> pertain to XSS in the following two files in the package:
> 
> index.php
> datePicker.php
> 
> This issue affects both the free version, i.e. version 6., as well as
> the commercial version < 7.0.13.
> 
> The changelog for v7 is visible here:
> http://docs7.easyphpcalendar.com/source/ChangeLog/changeLog.htm
> For v6, the patch is listed here:
> http://www.easyphpcalendar.com/v6download.php as "Security Patch -
> Released April 9, 2013" <http://www.easyphpcalendar.com/files/EPC6Patch.zip>
> 
> Thanks in advance.
> 
> -Anant
> 

Please use CVE-2013-1955 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
