Bug#443901: CVE-2007-5051 Multiple cross-site scripting (XSS) vulnerabilitie
Hello Thijs,
* Thijs Kinkhorst <[EMAIL PROTECTED]> [2007-09-25 12:17]:
> On Tue, September 25, 2007 00:10, Nico Golde wrote:
> > the following CVE (Common Vulnerabilities & Exposures) id was published for
> > phpgedview.
>
> Thanks Nico, I'll check it out soon.

Cool thanks. Just let me know if you need an NMU :)

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Bug#443901: CVE-2007-5051 Multiple cross-site scripting (XSS) vulnerabilitie
On Tue, September 25, 2007 00:10, Nico Golde wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was published for
> phpgedview.

Thanks Nico, I'll check it out soon.

Thijs
Bug#443901: CVE-2007-5051 Multiple cross-site scripting (XSS) vulnerabilitie
Package: phpgedview
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for
phpgedview.

CVE-2007-5051[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView
| 4.1.1 allow remote attackers to inject arbitrary web script or HTML
| via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid
| parameters in ancestry.php, and the (4) newpid parameter in
| timeline.php. NOTE: the provenance of this information is unknown; the
| details are obtained solely from third party information.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

I checked this issue and the mentioned variables are not
sanitized before being displayed.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5051

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
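
Added example, not part of the thread and not PhpGedView or Debian code: one way to validate the four parameters named in the CVE entry on input and encode them on output. The helper names, the numeric ranges and defaults, and the assumed shape of record ids (letters, digits, '_' and '-') are assumptions made for illustration.

```php
<?php
// Added illustration. Helper names, ranges and the id pattern are assumptions,
// not taken from PhpGedView.

/** Integer request parameter inside [$min, $max]; anything else yields $default. */
function int_param(array $req, string $name, int $default, int $min, int $max): int
{
    $v = filter_var($req[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? $default : $v;
}

/** Record id limited to an allow-listed alphabet; anything else yields ''. */
function id_param(array $req, string $name): string
{
    $v = $req[$name] ?? '';
    return (is_string($v) && preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $v)) ? $v : '';
}

/** Encode a value for HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request: every parameter carries markup instead of the
// expected value. In a real page this array would be $_REQUEST.
$request = [
    'box_width'            => '100"><b>markup</b>',
    'PEDIGREE_GENERATIONS' => '4<i>x</i>',
    'rootid'               => 'I1"><b>markup</b>',
    'newpid'               => 'I42',
];

$box_width   = int_param($request, 'box_width', 100, 50, 300);
$generations = int_param($request, 'PEDIGREE_GENERATIONS', 4, 2, 10);
$rootid      = id_param($request, 'rootid');
$newpid      = id_param($request, 'newpid');

// Rejected values fall back to defaults; output is still encoded, so a later
// loosening of the validation does not reintroduce the injection.
printf("<input name=\"box_width\" value=\"%s\">\n", h((string) $box_width));
printf("<input name=\"PEDIGREE_GENERATIONS\" value=\"%s\">\n", h((string) $generations));
printf("<input name=\"rootid\" value=\"%s\">\n", h($rootid));
printf("<input name=\"newpid\" value=\"%s\">\n", h($newpid));
```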