oss-sec mailing list archives
Re: CVE request: vanilla forums before 2.0.10, xss
From: Josh Bressers <bressers () redhat com>
Date: Mon, 6 Dec 2010 16:51:39 -0500 (EST)
Use CVE-2010-4264 for the XSS.

The commit is here:
https://github.com/vanillaforums/Garden/commit/4535a059e4e24ca11a2ef0b4d754f262398bcece

As for the "linkbait" issue, I have no clue. Nothing in git seems to point at that. Steve, does MITRE have a precedent for such a thing?

Thanks.

--
JB

----- "Hanno Böck" <hanno () hboeck de> wrote:

> Hi,
>
> http://vanillaforums.org/discussion/13119/vanilla-2.0.10-released/p1
>
> Two sound like security:
> # # Added SafeStyles configuration to prevent XSS linkjacking
> # Patched potential linkbait vulnerability in dispatcher
>
> (although I don't know what a linkbait vulnerability is, maybe someone wants to enlighten me)
>
> --
> Hanno Böck
> Blog: http://www.hboeck.de/
> GPG: 3DBD3B20
> Jabber/Mail: hanno () hboeck de
>
> http://schokokeks.org - professional webhosting