lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <201411120927.sAC9RBt1021988@sf01web1.securityfocus.com> Date: Wed, 12 Nov 2014 09:27:11 GMT From: cert@...nrw.de To: bugtraq@...urityfocus.com Subject: CVE-2014-8732 CVE-2014-8732 CVSSv2 Vector: [AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C] CVSSv2 Base Score=7.5 CVSSv2 Temp Score=7.5 OWASP Top 10 classification: A3 - Cross Site Scripting There is a stored xss vulnerability in phpMemcachedAdmin. Most of the user-specified input fields which are displayed on several pages of the application aren't properly escaped (lack of output enconding). All versions prior and including the current version 1.2.2 are affected as far as we know.