Message-ID: <516D1590.1050805@redhat.com>
Date: Tue, 16 Apr 2013 03:10:40 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for XSS in EasyPHPCalender script

On 04/12/2013 05:47 PM, Anant Shrivastava wrote:
> Hi Team,
> 
> Can I please have a CVE for these issues?
> 
> http://www.easyphpcalendar.com/forums/showthread.php?p=45554#post45554
>
> Technical details are not issued; however, the two issues
> pertain to XSS in the following two files in the package.
> 
> index.php datePicker.php
> 
> This issue affects both the free version, i.e. version 6, as well as
> the commercial version < 7.0.13
> 
> Changelog visible here for v7:
> http://docs7.easyphpcalendar.com/source/ChangeLog/changeLog.htm
> For v6, the patch is listed here:
> http://www.easyphpcalendar.com/v6download.php as Security Patch -
> Released April 9, 2013 <http://www.easyphpcalendar.com/files/EPC6Patch.zip>
> 
> Thanks in advance.
> 
> -Anant
> 

Please use CVE-2013-1955 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
