[Bug 1254111] CVE-2015-5475 rt: multiple XSS flaws
bugzilla at redhat.com
bugzilla at redhat.com
Tue Aug 18 09:00:01 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1254111
--- Comment #3 from Martin Prpic <mprpic at redhat.com> ---
A second flaw has also been assigned a CVE:
RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the cryptography interface. This vulnerability could allow an attacker with a
carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.
This has been assigned CVE-2015-6506:
http://seclists.org/oss-sec/2015/q3/384
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the perl-devel
mailing list