Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: XSS in status.net before 0.9.9 and 1.0.0beta2
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 19 Sep 2011 11:25:58 +0200

See
http://status.net/2011/08/02/security-alert-for-all-versions-of-statusnet

"Incorrectly sanitized input from the URL for "tag stream" pages,
combined with incorrect encoding of dynamically-generated JavaScript,
allows an attacker to create a carefully-crafted URL that will execute
arbitrary JavaScript code on other users' browsers."

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault