Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request - XXS in phpMyID (openid_error)
From: cve-assign () mitre org
Date: Fri, 18 Apr 2014 15:08:02 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is a XXS vulnerability in phpMyID v0.9

/MyID.config.php?openid.mode=error&openid_error=[XSS]

Here is the code at fault:
MyID.php

Project Page: http://siege.org/phpmyid
Code: https://www.siege.org/oss/phpMyID/trunk/MyID.php

The author has stated that the project is no longer maintained

Use CVE-2014-2890.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTUXeZAAoJEKllVAevmvmsTqUH/0lj63Sm9zLIwh4tfTh7kqW0
95p3b2lMyPIPaDWTxeaXkth30vJ7CHrfHMSKg5rgN2Un1KzKQ91YYT77X63hn/fZ
1r6N8OOVAdqgDi2T0GzLO6i0flomBwyLhjeSyUSdCXDHWo2UCOKJjwXuCR85eOAq
2raBampv/yoWr/bgQ5FLmWS2ksqF5+Dcr0DqyF05H/uvMgzudB093id9S+buHuTT
Yc7+bds48Ep4HTt3wRfAt9wHOAkIMV1yuesJ+SuUWo4rx2Y/QPA+PJ9VpyycgIBL
PdWJ+UzoED3Rdiah/jOPwOfLoaWqwZnhkDKhNvFPt1byxG6GJBlj88MJbFjK634=
=Uo8b
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault