Date: Tue, 17 Mar 2009 20:38:51 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com cc: Steven Christey <coley@...us.mitre.org> Subject: Re: CVE request: XSS in MUC logs of ejabberd ====================================================== Name: CVE-2009-0934 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0934 Reference: MLIST:[oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/16/1 Reference: CONFIRM:http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204 Reference: BID:34133 Reference: URL:http://www.securityfocus.com/bid/34133 Reference: SECUNIA:34340 Reference: URL:http://secunia.com/advisories/34340 Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.