oss-sec mailing list archives
Re: CVE id request: libjs-swfupload
From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 16 Jul 2012 21:07:26 +0200
Hi,
* Kurt Seifried <kseifried () redhat com> [2012-07-16 20:32]:
> On 07/16/2012 12:17 PM, Nico Golde wrote:
> > Hi,
> > there is an XSS issue in libjs-swfupload. Can we get a CVE id for this?
> > Details:
> > https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
> > http://code.google.com/p/swfupload/issues/detail?id=376
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681323
>
> There also appears to be a CSRF vulnerability. Is there a reason for
> only mentioning the XSS?

The CSRF is for plupload which we don't ship and I haven't looked at.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.