oss-sec mailing list archives

Re: CVE id request: libjs-swfupload


From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 16 Jul 2012 21:07:26 +0200

Hi,
* Kurt Seifried <kseifried () redhat com> [2012-07-16 20:32]:
> On 07/16/2012 12:17 PM, Nico Golde wrote:
>> Hi, there is an XSS issue in libjs-swfupload. Can we get a CVE id
>> for this?
>>
>> Details:
>> https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
>> http://code.google.com/p/swfupload/issues/detail?id=376
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681323
>
> There also appears to be a CSRF vulnerability. Is there a reason for
> only mentioning the XSS?

The CSRF is for plupload, which we don't ship and I haven't looked at.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
