Home page logo

oss-sec logo oss-sec mailing list archives

CVE request: spip: cross-site scripting vulnerability
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 20 Jan 2014 16:08:46 +0100


I would like to request a CVE for the following cross-site scripting
vulnerability in spip: authors could inject code via their name, which
is displayed in the signature of their articles and author page.

Upstream fixed this issue in 3.0.13[1,2,3] and also for the 2.1 branch
in [4,5].

 [1] http://www.spip.net/fr_article5648.html
 [2] http://core.spip.org/projects/spip/repository/revisions/20902
 [3] http://zone.spip.org/trac/spip-zone/changeset/77768
 [4] http://core.spip.org/projects/spip/repository/revisions/20972
 [5] http://www.spip.net/fr_article5665.html

Could a CVE be assigned for this issue? (unfortunately the changes
entries are only in french)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]