Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 6 Jan 2015 21:45:13 +0100
From: Francisco Alonso <rs@...skills.cz>
To: oss-security@...ts.openwall.com
Subject: CVE request: Reflected XSS / Content Spoofing in FlexPaper

Hello,

Can a CVE please be assigned to the following issue:

FlexPaper Flash viewer Reflected XSS and Content Spoofing via Swfile
parameter in FlexPaperViewer.swf file.

Fixed via FlexPaper 2.3.1 Release.

References:
http://blog.flexpaper.org/post/105984224083/flexpaper-2-3-1-release-notes
https://code.google.com/p/flexpaper/
http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/
http://www.pcworld.com/article/2862812/flaw-in-opensource-pdf-viewer-could-put-wikileaks-users-others-at-risk.html

Thanks,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.