oss-sec mailing list archives

Re: CVE request: XSS in MUC logs of ejabberd

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 17 Mar 2009 20:38:51 -0400 (EDT)


======================================================
Name: CVE-2009-0934
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0934
Reference: MLIST:[oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd
Reference: URL:http://www.openwall.com/lists/oss-security/2009/03/16/1
Reference: CONFIRM:http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204
Reference: BID:34133
Reference: URL:http://www.securityfocus.com/bid/34133
Reference: SECUNIA:34340
Reference: URL:http://secunia.com/advisories/34340

Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors related to links and MUC logs.

Current thread:

CVE request: XSS in MUC logs of ejabberd Hanno Böck (Mar 16)
- Re: CVE request: XSS in MUC logs of ejabberd Steven M. Christey (Mar 17)