Date: Mon, 20 Jun 2016 15:40:53 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: 2015 squidguard reflected XSS Hi, Please assign a CVE for: http://www.squidguard.org/Downloads/CHANGELOG 2015-02-01 Fixed a cross site vulnerability in squidGuard.cgi http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201 I have attached the diff against 1.4, the relevant part seem to be the two lines replacing tags in $url. Unsure why they added another \n to the headers, as there are already two \n. Ciao, Marcus View attachment "squidguard-20150201.patch" of type "text/x-patch" (2837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ