Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 1 Sep 2013 07:01:55 +0200
From: Hanno Böck <hanno@...eck.de>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: CVE request: serendipity before 1.7.3 XSS

Serendipity blog software contains an XSS in the shipped
htmlarea-code for spell checking.

Vulnerability report:
http://osvdb.org/87395
Upstream confirmation:
http://blog.s9y.org/archives/250-Serendipity-1.7.3-released.html
Git commit:
https://github.com/s9y/Serendipity/commit/d7dbe7757371c7f25a39463d1b924604785ae475

Please assign CVE.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ