Hello Josh, Steve, vendors,

  it was found that DokuWiki's RSS embedding mechanism did not properly
escape user-provided links. An attacker could use this flaw to conduct
cross-site scripting (XSS) attacks, potentially leading to arbitrary
JavaScript code execution.

References:
-----------
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631818
[2] http://www.certa.ssi.gouv.fr/site/CERTA-2011-AVI-366/CERTA-2011-AVI-366.html
[3] http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind
[4] https://bugzilla.redhat.com/show_bug.cgi?id=717146

Solution:
---------
This issue has been addressed in upstream "2011-05-25 Rincewind"
release:
[5] http://www.dokuwiki.org/changes

This issue doesn't seem to have a CVE identifier yet. Could you allocate
one?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
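
Added illustration, not part of the original message and not DokuWiki's code: the general bug class described above (feed-supplied links written into HTML without escaping) shown beside a hardened form. The function names and feed items are hypothetical and constructed; the message does not say which injection path applied, so the sketch covers both attribute escaping and a URL scheme allowlist.

```php
<?php
// Added example; hypothetical helpers, not taken from DokuWiki.

// Unsafe pattern: feed-supplied values concatenated straight into markup.
function render_item_unsafe(string $link, string $title): string
{
    return '<a href="' . $link . '">' . $title . '</a>';
}

// Hardened pattern: allowlist the URL scheme, then escape for the HTML context.
function render_item_safe(string $link, string $title): string
{
    $safeTitle = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');

    // Drop ASCII control characters and outer whitespace so they cannot
    // be used to disguise the scheme.
    $link = trim((string) preg_replace('/[\x00-\x1F\x7F]/', '', $link));

    // parse_url() yields null/false when no scheme can be read; the cast
    // turns both into '' so the allowlist check rejects them.
    $scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $safeTitle; // render the title as plain text, no link
    }

    // ENT_QUOTES escapes both quote styles, so the value cannot leave href="...".
    $safeLink = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $safeLink . '" rel="nofollow noopener">' . $safeTitle . '</a>';
}

// Constructed feed items: one benign, one that breaks out of the attribute,
// one that uses a script scheme.
$items = [
    ['https://example.org/post?id=1&ref=rss', 'Release notes'],
    ['https://example.org/"><script>alert(1)</script>', 'Quote in link'],
    ['javascript:alert(1)', 'Script-scheme link'],
];

foreach ($items as [$link, $title]) {
    echo 'unsafe: ', render_item_unsafe($link, $title), "\n";
    echo 'safe:   ', render_item_safe($link, $title), "\n\n";
}
```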


