Giuseppe Iuculano
2010-Jul-05 10:57 UTC
[Secure-testing-team] Bug#588138: CVE-2010-1625: Cross-site scripting (XSS) vulnerability
Package: lxr Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for lxr. CVE-2010-1625[0]: | Cross-site scripting (XSS) vulnerability in LXR Cross Referencer | before 0.9.7 allows remote attackers to inject arbitrary web script or | HTML via vectors related to the search body and the results page for a | search, a different vulnerability than CVE-2009-4497 and | CVE-2010-1448. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1625 http://security-tracker.debian.org/tracker/CVE-2010-1625 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkwxupsACgkQNxpp46476aosxgCgkuY2Cj109ESjFEyZbMOcUuQu YK8AnAy8I7TJSd0IhhBtR5C6CV/Dt9Oz =hikO -----END PGP SIGNATURE-----