| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <619718.50633.qm@web95705.mail.in.yahoo.com> Date: Tue, 21 Sep 2010 21:42:22 +0530 (IST) From: sk <sk10_0@...oo.com> To: bugtraq@...urityfocus.com Subject: CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability CollabNet Subversion Edge Log Parser XSS/Code Injection Vulnerability Discovery Date: Sep 10, 2010 Risk: Important Description: There is a Cross Site Script (XSS) vulnerability that exists in CollabNet Subversion Edge 1.2 and prior versions. This said vulnerability can be exploited by sending a crafted request to the CollabNet Subversion. server. When an administrator tries to view the log file then this XSS Code will get executed. More information on this can be found on the following pages: hxxps://ctf.open.collab.net/sf/sfmain/do/go/artf5016?returnUrlKey=1284577592506 Patch Information: More information on the patch can be found in the following page: https://ctf.open.collab.net/sf/wiki/do/viewPage/projects.svnedge/wiki/Release_1.2.1 Discovered by: Sumit Kumar Soni, Trend Micro Email: ssummit@...il.com For More info http://voidroot.blogspot.com/2010/09/collabnet-subversion-edge-log-parser.html http://threatinfo.trendmicro.com/vinfo/secadvisories/default6.asp?VName=CollabNet%20Subversion%20Edge%20Log%20Parser%20XSS/Code%20Injection%20Vulnerability Regards Sumit
Powered by blists - more mailing lists