Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1346328919.4374.31.camel@spiral.ashpool.org>
Date: Thu, 30 Aug 2012 14:15:19 +0200
From: Thomas Biege <thomas@...e.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: crowbar XSS


Hi,
Matthias Weckbecker of SUSE Linux Products GmbH has found the following
issue in crowbar:

http://crowbar.test.de:3000/utils?waiting=true&file=foo'%3B})%
3B}alert(document.cookie)</script><!--

https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48
https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629

Cheers,
Thomas


-- 
Thomas Biege, Project Manager Security, CSSLP
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB
21284 (AG Nürnberg)
--
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach

Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.