Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.64.1502121133220.24585@beijing.mitre.org>
Date: Thu, 12 Feb 2015 11:34:44 -0500 (EST)
From: cve-assign@...re.org
To: Francisco Alonso <rs@...skills.cz>
cc: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE request: Reflected XSS / Content Spoofing in
 FlexPaper


> Can a CVE please be assigned to the following issue:
>
> FlexPaper Flash viewer Reflected XSS and Content Spoofing via Swfile
> parameter in FlexPaperViewer.swf file.
>
> Fixed via FlexPaper 2.3.1 Release.
>
> References:
> http://blog.flexpaper.org/post/105984224083/flexpaper-2-3-1-release-notes
> https://code.google.com/p/flexpaper/
> http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/
> http://www.pcworld.com/article/2862812/flaw-in-opensource-pdf-viewer-could-put-wikileaks-users-others-at-risk.html

CVE-2014-9677 - XSS

CVE-2014-9678 - content spoofing

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.