Date: Mon, 20 Jan 2014 16:08:46 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: David Prévot <taffit@...ian.org> Subject: CVE request: spip: cross-site scripting vulnerability Hi I would like to request a CVE for the following cross-site scripting vulnerability in spip: authors could inject code via their name, which is displayed in the signature of their articles and author page. Upstream fixed this issue in 3.0.13[1,2,3] and also for the 2.1 branch in [4,5].  http://www.spip.net/fr_article5648.html  http://core.spip.org/projects/spip/repository/revisions/20902  http://zone.spip.org/trac/spip-zone/changeset/77768  http://core.spip.org/projects/spip/repository/revisions/20972  http://www.spip.net/fr_article5665.html Could a CVE be assigned for this issue? (unfortunately the changes entries are only in french) Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ