oss-sec mailing list archives
Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 4 Dec 2011 20:07:46 +0100
Am Thu, 01 Dec 2011 13:24:19 -0700 schrieb Kurt Seifried <kseifried () redhat com>:
My mistake, this should have been merged into CVE-2011-4090, it's the same vuln type (XSS) and the same version of Serendipity, CVE-2011-4365 is a bad assignment and should be marked as a duplicate of CVE-2011-4090.
I'd disagree on that. CVE-2011-4090 is in an (optional) plugin, while CVE-2011-4365 is an issue in the main s9y code. Although the plugin is shipped with the core s9y, the impact is quite different. For 4090, you only need to care if you do something with the karma-plugin. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Henri Salo (Dec 01)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Hanno Böck (Dec 04)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 04)
- Re: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Kurt Seifried (Dec 01)
- <Possible follow-ups>
- RE: CVE-request: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Secunia Research (Dec 01)