oss-sec mailing list archives
CVE Request for XSS vulnerability in Ushahidi Web
From: Robbie Mackay <robbie () ushahidi com>
Date: Wed, 24 Apr 2013 10:04:35 +1200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Robb Driscoll (ohrodr) has reported an exploitable XSS bug with report descriptions in Ushahidi_Web (https://github.com/ushahidi/Ushahidi_Web). Original bug report https://github.com/ushahidi/Ushahidi_Web/issues/1009 This will be fixed in the next release Ushahidi 2.7, along with other general XSS issues. We've done a general overhaul of our XSS protection and https://github.com/ushahidi/Ushahidi_Web/pull/1056 Would a CVE normally be assigned just for the specific issue? or for the general fixes to XSS protection as well? Regards, Robbie Mackay Software Developer, External Projects Ushahidi Inc e: robbie () ushahidi com skype: robbie.mackay -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQEcBAEBAgAGBQJRdwVzAAoJEKnxsxigzOTXTi0H/Aw7An7XmKVrE74HA/W6Qx98 RfM3FwR6N4JaUYQrpLeUkq2VOuSnFzwX2u0DftK6pOYKYH7VeNnXqchhHcD3DdVa +uSh5uCVdMQD6/eKv6akJR5O8jjq3IYAwyjXk26yAjmOd7Vyl31MXkRuv9hnu9+S sbgGMjIr+hHrAFIyX56H3e7BefJVx/F1K/R3KPI8pMcLhrnF7q8sb1tlYVCPWdLo rSyo0Igpctx/KQuDYsDGAjF7NomHuT51jjZWL6PGl5czmC637/s4AzGcoMhNlMn5 NNPeogW6JuZQPN9/MX03QfI2Ots5XkjE/fIE0gdgt1Uc3Yjlrs4/+CwCj2X+8l8= =17Qf -----END PGP SIGNATURE-----
Current thread:
- CVE Request for XSS vulnerability in Ushahidi Web Robbie Mackay (Apr 23)
- Re: CVE Request for XSS vulnerability in Ushahidi Web Kurt Seifried (Apr 29)