Date: Thu, 14 May 2015 14:56:40 +0200 From: Martin Prpic <mprpic@...hat.com> To: "OSS Security Mailinglist" <oss-security@...ts.openwall.com> Subject: Cross-site scripting flaw in AskBot Hi, It was reported to us that certain versions of AskBot are vulnerable to a cross-site scripting flaw. It is unclear which version fixed this flaw and what the actual patch was. Red Hat assigned CVE-2015-3169 to this flaw; Red Hat bug is filed at: https://bugzilla.redhat.com/show_bug.cgi?id=1221616 If anyone wants to dig through https://github.com/ASKBOT/askbot-devel and find the root cause and the patch, please post your findings here. Thanks! -- Martin Prpič / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ