Message-ID: <Pine.GSO.4.51.0810272007310.1641@faron.mitre.org>
Date: Mon, 27 Oct 2008 20:08:03 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: coley@...re.org
Subject: Re: XSS in HTML Tidy plugin used in WYSIWYG HTML editors


======================================================
Name: CVE-2008-4761
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4761
Reference: MLIST:[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/27/6
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html
Reference: BID:31908
Reference: URL:http://www.securityfocus.com/bid/31908
Reference: XF:esupport-htmltidylogic-xss(46097)
Reference: URL:http://xforce.iss.net/xforce/xfdb/46097

Cross-site scripting (XSS) vulnerability in
includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako
eSupport 3.20.2 allows remote attackers to inject arbitrary web script
or HTML via the jsMakeSrc parameter.  NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.  NOTE: this issue is probably in the HTMLArea
HTMLTidy (HTML Tidy) plugin, not eSupport.

