Launchpad.net

CVE 2008-1468

Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.

Related bugs and status

CVE-2008-1468 (Candidate) is related to these bugs:

Bug #212196: [CVE-2008-1468] XSS vulnerability via UTF-7 encoded input

		In	Importance	Status
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Ubuntu)	Undecided	Fix Released
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Ubuntu Dapper)	Undecided	Won't Fix
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Ubuntu Edgy)	Undecided	Invalid
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Ubuntu Hardy)	Undecided	Won't Fix
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Ubuntu Feisty)	Undecided	Won't Fix
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Ubuntu Gutsy)	Undecided	Won't Fix
212196	[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input	namazu2 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.namazu.org/...
SECUNIA: 29386
BID: 28380
FEDORA: FEDORA-2008-2678
FEDORA: FEDORA-2008-2767
SECUNIA: 29561
SUSE: SUSE-SR:2008:017
SECUNIA: 31687
JVN: JVN#00892830
HP: HPSBMA02492
HP: SSRT100079
SECUNIA: 39645
HP: HPSBMA02525
HP: SSRT100083
XF: namazu-character-encod...