Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Oct 2011 09:04:43 -0600
From: Kurt Seifried <>
Subject: Re: CVE request: serendipity before 1.6 backend XSS
 in karma plugin

On 10/28/2011 02:02 AM, Hanno Böck wrote:
> "Fixes a backend XSS issue in the karma plugin and media database
> filtering, thanks to Stefan Schurtz!"
> If anyone asks: Backend XSS are a security issue in multiuser webapps,
> one less priviliged user can use them to gain more privilege.
> Please assign CVE.
Can you please send more details, i.e. which file is responsible/or a
link to a commit fixing this? Thanks.


-Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.