| Summary: | <net-im/ejabberd-2.0.4: XSS in MUC logs (CVE-2009-0934) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | caleb, net-im |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Hanno Böck
2009-03-16 19:15:46 UTC
CVE-2009-0934 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0934): Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.

2.0.4 is now in portage

Arches, please test and mark stable: =net-im/ejabberd-2.0.4 Target keywords : "amd64 x86"

amd64/x86 stable, all arches done.

GLSA voting, please.

I'm tempted to say NO.

XSS => no, closing.