[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 2 Oct 2008 18:30:47 +0200
From: Gerfried Fuchs <rhonda@....at>
To: oss-security@...ts.openwall.com
Subject: blosxom XSS issue (CVE-2008-2236)
Hi!
I'd like to inform you of a XSS issue in blosxom which was reported
by Yoshinori Ohta of Business Architects Inc. and got assigned the IDs
CVE-2008-2236 and JVN#03300113. The problem allowed to inject arbitrary
output into the default error page and possibly any plugin that uses the
$flavour variable in its output directly.
A fixed version was released today and announced on the blosxom-users
list:
<http://sourceforge.net/mailarchive/forum.php?thread_name=20081002155914.GL10579%40sym.noone.org&forum_name=blosxom-users>
The Debian Bug about the issue:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500873>
The patch to fix the problem:
<http://blosxom.cvs.sourceforge.net/viewvc/blosxom/blosxom2/blosxom.cgi?r1=1.83&r2=1.84>
Hope that helps. :)
Rhonda
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
