[Pkg-erlang-devel] Bug#653966: yaws cross site scripting
Thijs Kinkhorst
thijs at debian.org
Sun Jan 1 22:59:02 UTC 2012
Package: yaws
Severity: serious
Tags: security
Hi,
The following security issue has been reported against yaws:
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in
Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via
(1) the tag parameter to editTag.yaws, (2) the index parameter to
showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text
parameter to editPage.yaws.
This is tracked at:
http://security-tracker.debian.org/tracker/CVE-2011-5025
Can you please ensure that unstable is fixed for this issue and assert whether
squeeze and/or lenny need to be fixed as well?
Cheers,
Thijs