Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Jun 2013 14:21:34 -0300
From: Felipe Pena <>
Subject: CVE request: XSS on Monkey HTTPD - dirlisting plugin

A vulnerability was found in the Monkey HTTP - dirlisting plugin, which does not
filter file names before printing on HTML page, hence vulnerable to XSS attack.

$ touch "' onmouseover='alert(1);"


Felipe Pena

Felipe Pena

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.