oss-sec mailing list archives
Re: CVE-2015-6584: XSS in DataTables
From: Kurt Grutzmacher <grutz () jingojango net>
Date: Tue, 15 Sep 2015 16:33:13 +0000
https://github.com/DataTables/DataTables/issues/602 speaks to the XSS in the unit testing code.

https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d is the commit.

On Tue, Sep 15, 2015 at 3:57 AM Martin Prpic <mprpic () redhat com> wrote:

> Hi,
>
> CVE-2015-6584 was assigned to a cross-site scripting flaw in DataTables:
>
> https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6584
>
> Any pointers on which commit fixes this issue? The advisory linked above only mentions it was fixed in 1.10.9, but the changelog for that version does not mention the CVE, or any change that looks like XSS for that matter.
>
> https://cdn.datatables.net/1.10.9/
> https://github.com/DataTables/DataTables/commits/master
>
> Thanks!
>
> --
> Martin Prpič / Red Hat Product Security