oss-sec mailing list archives
CVE request: esoTalk 1.0.0g4 cross-site scripting vulnerability
From: Henri Salo <henri () nerv fi>
Date: Sun, 3 Jan 2016 15:38:28 +0200
Hi,

Please assign 2015 CVE identifier for esoTalk cross-site scripting vulnerability, thanks.

Advisory: http://seclists.org/fulldisclosure/2015/Dec/112
Curesec blog: https://blog.curesec.com/article/blog/esoTalk-100g4-XSS-124.html
PoC: /conversations/a'";><img src=no onerror=alert(1)>?search=test
Fix: https://github.com/esotalk/esoTalk/commit/b938c39a83b55ecddc74b09d1116c37df1f2567e

-- 
Henri Salo