oss-sec mailing list archives
CVE request: horde-kronolith-2.1.7 XSS in addevent.php
From: Matt Fleming <mattjfleming () googlemail com>
Date: Sun, 27 Apr 2008 12:59:45 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi guys, kronolith-2.1.7 is vulnerale to a cross-site scripting attack because input passed to the "url" parameter in the file addevent.php is not properly sanitized. Can you please assign a CVE id? http://forum.aria-security.com/showthread.php?t=49 https://bugs.gentoo.org/show_bug.cgi?id=219304 http://secunia.com/advisories/29920/ Thanks, Matt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (NetBSD) iQEcBAEBAgAGBQJIFGqxAAoJEK3y1f69VxYbv/kH/3Phg+1xuv3pLc7ZnrS48J2e k8PRTzpdkgS/3bE1jtjfGWICoHOKu6/N9Gv2RYmWpWl2ATjJ9r/JVsjOpYdhS9Qm +tRM8O5vWHnIAuhuSMNx+BOVrUJtwcNg27dlhlC1KJyGjgaPAO892uUJfXAti4fW vQuCueNgnQlF4BI1oagHk9cZ8y2BpbSPa4TknrQV5NdrsN/46fk6Lm9v6aVLUtQv hZB+HwlWqT2/1Nhb2JAHnYcE4ZlntlFDVQJnLkhZnXPuRyOIYVHNoKm9OZ1kXdBE 5IY0sJ3yeJnXTL49IcHf+vMbyTIcK8e6JZq0ipfMSDbOH13pc12XXbhkXtjTznU= =xezF -----END PGP SIGNATURE-----
Current thread:
- CVE request: horde-kronolith-2.1.7 XSS in addevent.php Matt Fleming (Apr 27)