[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] CGI:IRC XSS issue (CVE-2011-0050)

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, irc-security@xxxxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] CGI:IRC XSS issue (CVE-2011-0050)
From: David Leadbeater <dgl@xxxxxx>
Date: Wed, 9 Feb 2011 11:41:45 +0000

Michael Brooks (Sitewatch) discovered an XSS issue in the nonjs
interface that allowed HTML injection via a crafted parameter.

0.5.10 is now available. This is actually just 0.5.9 with the
following fix:

- CVE-2011-0050: XSS in R param in nonjs interface

David

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)
Next by Date: Re: [Full-disclosure] is FD moderated or not? (hint: ask n3td3v)
Previous by thread: [Full-disclosure] xss attacks through utf7-BOM string injection
Next by thread: [Full-disclosure] trivial SQL injection in LIGATT Security's LocatePC software
Index(es):
- Date
- Thread