Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 21 Dec 2015 22:06:56 -0500
From: David Dworken <david@...iddworken.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: Reflected XSS in OpenMRS Login Page

Hello,

OpenMRS has a reflected XSS vulnerability in the login page that is
exploitable through injection into the referer header.

Patch:
https://github.com/ddworken/openmrs-module-referenceapplication/commit/65fefcb8dfbd069ca611ab3f17084fd8dc92a048

Thanks,
David Dworken

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ