[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20110209114145.GA19064@babylon.otherwize.co.uk>
Date: Wed, 9 Feb 2011 11:41:45 +0000
From: David Leadbeater <dgl@....cx>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
irc-security@...ts.irc-unity.org
Subject: CGI:IRC XSS issue (CVE-2011-0050)
Michael Brooks (Sitewatch) discovered an XSS issue in the nonjs
interface that allowed HTML injection via a crafted parameter.
0.5.10 is now available. This is actually just 0.5.9 with the
following fix:
- CVE-2011-0050: XSS in R param in nonjs interface
David
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists