Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 142597 - www-apps/sitebar - cross-site scripting vulnerability (CVE-2006-3320)
Summary: www-apps/sitebar - cross-site scripting vulnerability (CVE-2006-3320)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa] jaervosz
Depends on:
Reported: 2006-08-02 18:30 UTC by Carsten Lohrke (RETIRED)
Modified: 2006-08-21 11:19 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

sitebar.patch (sitebar.patch,466 bytes, patch)
2006-08-12 08:05 UTC, Thierry Carrez (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2006-08-02 18:30:58 UTC
Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:05:51 UTC
Created attachment 94053 [details, diff]

Patch extracted from Debian diff
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2006-08-12 08:07:15 UTC
web-apps, please bump 3.3.8 with patch.
Comment 3 Renat Lumpau (RETIRED) gentoo-dev 2006-08-17 08:59:43 UTC
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-17 10:46:36 UTC
Thanks Renat

PPC, please could you test and mark stable if possible sitebar-3.3.8, thanks in advance
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2006-08-18 08:47:48 UTC
ppc stable
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-19 09:18:02 UTC
I vote NO.
Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-08-21 01:14:20 UTC
another no
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-08-21 11:19:51 UTC
2 NO -> closing with NO GLSA.

Feel free to reopen if you disagree.