Date: Fri, 28 Oct 2011 09:04:43 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: serendipity before 1.6 backend XSS in karma plugin On 10/28/2011 02:02 AM, Hanno Böck wrote: > http://blog.s9y.org/archives/233-Serendipity-1.6-released.html > > "Fixes a backend XSS issue in the karma plugin and media database > filtering, thanks to Stefan Schurtz!" > > If anyone asks: Backend XSS are a security issue in multiuser webapps, > one less priviliged user can use them to gain more privilege. > > Please assign CVE. > Can you please send more details, i.e. which file is responsible/or a link to a commit fixing this? Thanks. -- -Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.