[Sks-devel] Fwd: CVE request: SKS non-persistent XSS


From: Kristian Fiskerstrand
Subject: [Sks-devel] Fwd: CVE request: SKS non-persistent XSS
Date: Fri, 02 May 2014 13:35:45 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear list,

FYI a request has been sent to oss-sec for a CVE assignment on the XSS
issue listed below.


- -------- Original Message --------
Subject: CVE request: SKS non-persistent XSS
Date: Thu, 01 May 2014 22:58:04 +0200
From: Kristian Fiskerstrand <address@hidden>
To: address@hidden

Hi,

A non-persistent client-side cross-site scripting attack was reported
against SKS[0] resulting from improper input sanitation before writing
to a client. The issue has been fixed in the development trunk[1] for
inclusion in an upcoming 1.1.5 release.

Initial report and findings:
https://bugzilla.mozilla.org/show_bug.cgi?id=952077 by Haris
(address@hidden)

References:
[0]
https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
[1]
https://bitbucket.org/skskeyserver/sks-keyserver/pull-request/30/issue26-fix-a-non-persistent-cross-site


- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Aurum est Potestas
Gold is power




