Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 6 Apr 2015 09:40:19 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: WordPress plugin wassup cross-site scripting
 vulnerability

Please assign 2009 CVE identifier for WordPress plugin wassup cross-site
scripting vulnerability fixed in 1.7.2.1 version, thanks.

https://wordpress.org/plugins/wassup/changelog/

1.7.2.1
Critical security and bug fix upgrade
- disabled page reload triggered by WassUp screen resolution tracking.
- fixed a security loophole found in main.php module.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=152760%40wassup%2Ftrunk%2Flib%2Fmain.php&old=151501%40wassup%2Ftrunk%2Flib%2Fmain.php&sfp_email=&sfph_mail=

-- 
Henri Salo

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ