Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Jul 2013 11:21:25 +0200
From: Hanno Böck <>
To: OSS Security List <>
Subject: CVE request: webcalendar before 1.2.7


Can I please have three CVEs for webcalendar?

 - Security fix: Do not show the reason for a failed login (i.e. "no
   such user")
 - Security fix: Escape HTML characters in category name.
 - Security fix: Check all passed in fields (either via HTML form or via
   URL parameter) for certain malicious tags (script, embed, etc.) and
   generate fatal error if found.

I'm not sure if the first is really considered CVE-relevant.

Hanno Böck


Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.