Date: Tue, 15 Sep 2015 16:33:13 +0000
From: Kurt Grutzmacher <grutz@...gojango.net>
To: oss security list <oss-security@...ts.openwall.com>
Subject: Re: CVE-2015-6584: XSS in DataTables

https://github.com/DataTables/DataTables/issues/602 speaks to the XSS in the
unit testing code.

https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d is the
commit.

On Tue, Sep 15, 2015 at 3:57 AM Martin Prpic <mprpic@...hat.com> wrote:

> Hi,
>
> CVE-2015-6584 was assigned to a cross-site scripting flaw in DataTables:
>
> https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6584
>
> Any pointers on which commit fixes this issue? The advisory linked above
> only mentions it was fixed in 1.10.9, but the changelog for that version
> does not mention the CVE, or any change that looks like XSS for that
> matter.
>
> https://cdn.datatables.net/1.10.9/
> https://github.com/DataTables/DataTables/commits/master
>
> Thanks!
>
> --
> Martin Prpič / Red Hat Product Security