Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 18 Apr 2014 15:08:02 -0400 (EDT)
From: cve-assign@...re.org
To: adam@...mcaudill.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request - XXS in phpMyID (openid_error)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> There is a XXS vulnerability in phpMyID v0.9
> 
> /MyID.config.php?openid.mode=error&openid_error=[XSS]
> 
> Here is the code at fault:
> MyID.php
> 
> Project Page: http://siege.org/phpmyid
> Code: https://www.siege.org/oss/phpMyID/trunk/MyID.php
> 
> The author has stated that the project is no longer maintained

Use CVE-2014-2890.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTUXeZAAoJEKllVAevmvmsTqUH/0lj63Sm9zLIwh4tfTh7kqW0
95p3b2lMyPIPaDWTxeaXkth30vJ7CHrfHMSKg5rgN2Un1KzKQ91YYT77X63hn/fZ
1r6N8OOVAdqgDi2T0GzLO6i0flomBwyLhjeSyUSdCXDHWo2UCOKJjwXuCR85eOAq
2raBampv/yoWr/bgQ5FLmWS2ksqF5+Dcr0DqyF05H/uvMgzudB093id9S+buHuTT
Yc7+bds48Ep4HTt3wRfAt9wHOAkIMV1yuesJ+SuUWo4rx2Y/QPA+PJ9VpyycgIBL
PdWJ+UzoED3Rdiah/jOPwOfLoaWqwZnhkDKhNvFPt1byxG6GJBlj88MJbFjK634=
=Uo8b
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.