Date: Tue, 15 Sep 2015 16:33:13 +0000
From: Kurt Grutzmacher <grutz@...gojango.net>
To: oss security list <oss-security@...ts.openwall.com>
Subject: Re: CVE-2015-6584: XSS in DataTables

https://github.com/DataTables/DataTables/issues/602 speaks to the XSS in
the unit testing code.

https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d is
the commit.



On Tue, Sep 15, 2015 at 3:57 AM Martin Prpic <mprpic@...hat.com> wrote:

> Hi,
>
> CVE-2015-6584 was assigned to a cross-site scripting flaw in DataTables:
>
>
> https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6584
>
> Any pointers on which commit fixes this issue? The advisory linked above
> only mentions it was fixed in 1.10.9, but the changelog for that version
> does not mention the CVE, or any change that looks like XSS for that
> matter.
>
> https://cdn.datatables.net/1.10.9/
> https://github.com/DataTables/DataTables/commits/master
>
> Thanks!
>
> --
> Martin Prpič / Red Hat Product Security
>
