224081 – (CVE-2008-2494) www-apps/zina <1.0_rc4 XSS and directory traversal vulnerability in index.php (CVE-2008-{2494,2495})

Bug 224081 (CVE-2008-2494) - www-apps/zina <1.0_rc4 XSS and directory traversal vulnerability in index.php (CVE-2008-{2494,2495})

Summary: www-apps/zina <1.0_rc4 XSS and directory traversal vulnerability in index.php...

Status:	RESOLVED FIXED

Alias:	CVE-2008-2494

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-05-29 12:49 UTC by Matthias Geerdsen (RETIRED)
Modified:	2008-09-07 17:41 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Geerdsen (RETIRED) gentoo-dev

2008-05-29 12:49:37 UTC

CVE-2008-2494 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2494):
  Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 allows
  remote attackers to inject arbitrary web script or HTML via the l parameter.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-08-25 21:13:30 UTC

Fixed in 1.0rc4:
http://sourceforge.net/project/shownotes.php?group_id=82527&release_id=620601

Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev

2008-09-07 17:35:54 UTC

Added 1.0_rc4, removed 1.0_rc3, webapps done.

Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-09-07 17:41:42 UTC

(In reply to comment #2)
> Added 1.0_rc4, removed 1.0_rc3, webapps done.
> 

Thanks, closing wihtout glsa.