Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 May 2015 19:09:49 +0300
From: DaKnOb <daknob.mac@...il.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Cc: cve-assign@...re.org
Subject: Request 2 CVE-IDs for Zeus Voting System

Zeus (https://github.com/grnet/zeus) is a fork of Helios that is actively developed by GRNET (http://www.grnet.gr/) and is considered to be used in Greek Elections (starts with small and rolls out to larger elections). 

Two XSS vulnerabilities that allow JavaScript Execution have been found, one of which has a PoC running JavaScript / Modifying HTML in the voter’s browser during the voting process.

XSS #1 - https://github.com/grnet/zeus/issues/28
XSS #2 - https://github.com/grnet/zeus/issues/29

Thank you,
Antonios A. Chariton

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.