oss-sec mailing list archives
Re: [Fwd: Cross-Site Scripting in Banshee DAAP Extension]
From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 30 Mar 2009 21:23:22 -0400 (EDT)
====================================================== Name: CVE-2009-1175 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1175 Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=577270 Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message.
Current thread:
- [Fwd: Cross-Site Scripting in Banshee DAAP Extension] Anthony (Mar 30)
- Re: [Fwd: Cross-Site Scripting in Banshee DAAP Extension] Steven M. Christey (Mar 30)