[CVE-2008-1468] XSS vulnerability via UTF-7 encoded input
Bug #212196 reported by
William Grant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
namazu2 (Debian) |
Fix Released
|
Unknown
|
|||
namazu2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Invalid
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: namazu2
"Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information."
CVE References
Changed in namazu2: | |
status: | New → Confirmed |
status: | New → Confirmed |
status: | New → Confirmed |
status: | New → Confirmed |
status: | New → Confirmed |
Changed in namazu2: | |
status: | Unknown → Fix Released |
To post a comment you must log in.
The 18 month support period for Edgy Eft 6.10 has reached it's end of life. As a result, we are closing the Edgy Eft task. However, please note that this report will remain open against the actively developed release. Thank you for your continued support and help as we debug this issue.