Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 325575 (CVE-2010-1448) - www-apps/lxr: multiple vulnerabilites (CVE-2010-{1448,1625})
Summary: www-apps/lxr: multiple vulnerabilites (CVE-2010-{1448,1625})
Status: RESOLVED FIXED
Alias: CVE-2010-1448
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://sourceforge.net/projects/lxr/f...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-25 19:59 UTC by Stefan Behte (RETIRED)
Modified: 2013-12-16 13:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 19:59:12 UTC 
CVE-2010-1448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1448):
  Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR
  Cross Referencer before 0.9.8 allows remote attackers to inject
  arbitrary web script or HTML via vectors related to a string in the
  search page's TITLE element, a different vulnerability than
  CVE-2009-4497 and CVE-2010-1625.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 20:01:44 UTC 
Please provide an updated ebuild.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-06-25 21:36:44 UTC 
CVE-2010-1448 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1448):
  Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR
  Cross Referencer before 0.9.8 allows remote attackers to inject
  arbitrary web script or HTML via vectors related to a string in the
  search page's TITLE element, a different vulnerability than
  CVE-2009-4497 and CVE-2010-1625.

CVE-2010-1625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1625):
  Cross-site scripting (XSS) vulnerability in LXR Cross Referencer
  before 0.9.7 allows remote attackers to inject arbitrary web script
  or HTML via vectors related to the search body and the results page
  for a search, a different vulnerability than CVE-2009-4497 and
  CVE-2010-1448.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 21:44:34 UTC 
Security bumped and old cleaned. Closing noglsa.