oss-sec mailing list archives
Re: CVE request: mantis before 1.2.3 (XSS)
From: Kurt Seifried <kurt () seifried org>
Date: Tue, 14 Sep 2010 17:05:02 -0600
On Tue, Sep 14, 2010 at 3:06 PM, Hanno Böck <hanno () hboeck de> wrote:
> From release notes "Issue #12312 covers an XSS vulnerability in the upstream NuSOAP library. The fix has been applied to the library included in MantisBT releases, and a patch has been submitted upstream for future releases of NuSOAP. See http://www.mantisbt.org/bugs/view.php?id=12312 for further details."

Are you talking about the PHP_SELF thing?

http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005
https://bugzilla.redhat.com/show_bug.cgi?id=629585

if so it has a CVE #:

CVE-2010-3070 php-nusoap: XSS vulnerability due improper escaping of URLs

--
Kurt Seifried
kurt () seifried org
tel: 1-703-879-3176