oss-sec mailing list archives

Re: CVE request: serendipity freetag plugin before 3.30 and probably others

From: Josh Bressers <bressers () redhat com>
Date: Mon, 10 Oct 2011 14:22:16 -0400 (EDT)

Please use CVE-2011-3610.

Thanks.

--
    JB

----- Original Message -----

XSS in the tagcloud generation flash in serendipity freetag before
3.30:
http://blog.s9y.org/archives/234-Security-fix-for-flash-based-cloud-in-Freetag-plugin.html

The linked vulnerability report indicates that this flash code is
also
used by other software, e.g. the wp cumulus plugin:
http://websecurity.com.ua/5356/

Though my ukrainian isn't that good ;-)

Please assign cve.

--
Hanno Böck            mail/jabber: hanno () hboeck de
GPG: BBB51E42         http://www.hboeck.de/

Current thread:

CVE request: serendipity freetag plugin before 3.30 and probably others Hanno Böck (Oct 08)
- Re: CVE request: serendipity freetag plugin before 3.30 and probably others Josh Bressers (Oct 10)