Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 3 Jan 2016 15:38:28 +0200
From: Henri Salo <henri@...v.fi>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com,
	Curesec Research Team <crt@...esec.com>
Subject: CVE request: esoTalk 1.0.0g4 cross-site scripting vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Please assign 2015 CVE identifier for esoTalk cross-site scripting
vulnerability, thanks.

Advisory: http://seclists.org/fulldisclosure/2015/Dec/112
Curesec blog: https://blog.curesec.com/article/blog/esoTalk-100g4-XSS-124.html
PoC: /conversations/a'";><img src=no onerror=alert(1)>?search=test
Fix: https://github.com/esotalk/esoTalk/commit/b938c39a83b55ecddc74b09d1116c37df1f2567e

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWiSRUAAoJECet96ROqnV07PsQAJzRKRiQnLQ8cO6s0TAS5RVu
UWM0xDrF+nEitcT8yIF1IXp7eBR9IUD31HOb1aRL0bt0lK0eC8JwZkidf/5ejaUU
Mn8oTJWWfvHFe5dUAfuCEMnicd4YiJQ2s/+RA9kpo2MpV66mZvUxIvPqa4BdZeAQ
ew/QWFFUbNTGbAD+LDX0Q6SE46Pp/yn3acfkrEdSSR3aylMS9J+CAgP4cZmIyQYD
Itqqqgr4fl4SVLLP8VVcLmUyp0A6wGEeg1eqVf4Bn5r+ylfIpKcmMb2HgM+DX/oD
fIpjMvasn1fA9t/j4dZgZZwfC/cQM+l6ZYARaykSess/Pfj7nnGT4gKA42rZdfWj
36qFh1KJU4f6Z6VUYvXljKfddhhkyiHtfBdV38Rp1oRSX8PrFJkgolbrRSF/du6E
ROKeIKy6nT7ZUYLEVBTOGrrO4M8J+TMxsFJ4/1JUE8JvxK2xz2t4/PTuhDyeLFTP
oyUXl2xiXJDyMuPi9gQWP701h/gAi2QkjF5kpaK5Onn7EunP760i9/iD5KbgEd0f
ALSBIfzAZI3U2eWA5soOkJ99lsX0sxvzcF9pk9ufk+wz0nCfI+yv45I2A5l6c2oy
+ILTr5DGPtJU5hdd7zlpgepBKvc9rJmBDuNP4B7QhNYDREkpS9TVjjA//R/DfAT1
LVMjYYTCftN/5jS+ReLC
=Q5nX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ