thr3ads.net - Secure testing team - [Secure-testing-team] Bug#500873: blosxom: XSS problem in the error flavour [Oct 2008]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Gerfried Fuchs

2008-Oct-02 08:43 UTC

[Secure-testing-team] Bug#500873: blosxom: XSS problem in the error flavour

Package: blosxom
Version: 2.1.1-1
Severity: critical
Tags: security

        Hi!

 Yoshinori Ohta of Business Architects Inc. found a XSS issue in blosxom
related to handling of unknown flavour types. The fix is now commited to
upstream CVS:
<http://blosxom.cvs.sourceforge.net/viewvc/blosxom/blosxom2/blosxom.cgi?r1=1.83&r2=1.84>

 The upstream version is expected to get released today, the issue has
been granted the CVE id CVE-2008-2236.

 So long,
Rhonda

Secure testing team - Oct 2008 - Bug#500873: blosxom: XSS problem in the error flavour

[Secure-testing-team] Bug#500873: blosxom: XSS problem in the error flavour