Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request -- cGit -- XSS flaw in rename hint
From: Josh Bressers <bressers () redhat com>
Date: Fri, 22 Jul 2011 16:14:06 -0400 (EDT)

Please use CVE-2011-2711.



----- Original Message -----
Hello Josh, Steve, vendors,

an cross-site scripting (XSS) flaw was found in the way cgit, a fast
web interface for Git, displayed the file name in the rename hint. A
remote attacker could provide a specially-crafted web page, which once
visited by an authenticated Cgit user, with push access to the
repository, would lead to arbitrary web script or HTML code execution.

[1] http://hjemli.net/pipermail/cgit/2011-July/000276.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=725042

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]