Date: Mon, 27 Oct 2008 20:08:03 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: XSS in HTML Tidy plugin used in WYSIWYG HTML editors

Name: CVE-2008-4761
Status: Candidate
Reference: MLIST:[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors
Reference: URL:
Reference: MISC:
Reference: BID:31908
Reference: URL:
Reference: XF:esupport-htmltidylogic-xss(46097)
Reference: URL:

Cross-site scripting (XSS) vulnerability in
includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako
eSupport 3.20.2 allows remote attackers to inject arbitrary web script
or HTML via the jsMakeSrc parameter.  NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.  NOTE: this issue is probably in the HTMLArea
HTMLTidy (HTML Tidy) plugin, not eSupport.
