Date: Thu, 14 May 2015 14:56:40 +0200 From: Martin Prpic <mprpic@...hat.com> To: "OSS Security Mailinglist" <oss-security@...ts.openwall.com> Subject: Cross-site scripting flaw in AskBot Hi, It was reported to us that certain versions of AskBot are vulnerable to a cross-site scripting flaw. It is unclear which version fixed this flaw and what the actual patch was. Red Hat assigned CVE-2015-3169 to this flaw; Red Hat bug is filed at: https://bugzilla.redhat.com/show_bug.cgi?id=1221616 If anyone wants to dig through https://github.com/ASKBOT/askbot-devel and find the root cause and the patch, please post your findings here. Thanks! -- Martin Prpič / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.