lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 8 Oct 2011 07:59:27 GMT
Subject: Contao 2.10.1 Cross-site scripting vulnerability

Advisory:              	Contao 2.10.1 Cross-site scripting vulnerability
Advisory ID:           	SSCHADV2011-025
Author:                	Stefan Schurtz
Affected Software:  	Successfully tested on Contao 2.10.1
Vendor URL: 
Vendor Status:       	fixed
CVE-ID:                	-

Vulnerability Description:

Contao 2.10 is prone to multiple Cross-site scripting vulnerability

Technical Details:



- Vendor patch available -
- Release of a new version 2.10.2 next week

Disclosure Timeline:

07-Oct-2011 - informed developers (
07-Oct-2011 - vendor fix
08-Oct-2011 - release date of this security advisory


Vulnerability found and advisory written by Stefan Schurtz.


Powered by blists - more mailing lists