Date: Mon, 27 Oct 2008 20:08:03 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: XSS in HTML Tidy plugin used in WYSIWYG HTML editors

======================================================
Name: CVE-2008-4761
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4761
Reference: MLIST:[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/27/6
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html
Reference: BID:31908
Reference: URL:http://www.securityfocus.com/bid/31908
Reference: XF:esupport-htmltidylogic-xss(46097)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46097

Cross-site scripting (XSS) vulnerability in
includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako
eSupport 3.20.2 allows remote attackers to inject arbitrary web script
or HTML via the jsMakeSrc parameter. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information. NOTE: this issue is probably in the HTMLArea
HTMLTidy (HTML Tidy) plugin, not eSupport.