9 matches found
Debian DSA-2092-1 : lxr-cvs - missing input sanitizing
Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitation of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
[SECURITY] [DSA 2092-1] New lxr-cvs packages fix cross-site scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2092-1 [email protected] http://www.debian.org/security/ Sebastien Delafond Aug 17th, 2010 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2092-1] New lxr-cvs packages fix cross-site scripting
------------------------------------------------------------------------ Debian Security Advisory DSA-2092-1 [email protected] http://www.debian.org/security/ Sébastien Delafond Aug 17th, 2010 http://www.debian.org/security/faq -...
CVE-2010-1448
Cross-site scripting XSS vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625...
CVE-2010-1448
Cross-site scripting XSS vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625...
CVE-2010-1448
Cross-site scripting XSS vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625...
CVE-2010-1448
CVE-2010-1448 is a cross-site scripting (XSS) vulnerability in the LXR Cross Referencer. The flaw resides in the file lib/LXR/Common.pm and affects versions prior to 0.9.8 . An attacker can inject arbitrary web script/HTML by exploiting a string in the search page’s TITLE element. This entry is r...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1448. Reason: This candidate is a duplicate of CVE-2010-1448. Notes: All CVE users should reference CVE-2010-1448 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2010-1738
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1448. Reason: This candidate is a duplicate of CVE-2010-1448. Notes: All CVE users should reference CVE-2010-1448 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...