[Lxr-dev] [ lxr-Bugs-2926043 ] Cross-Site Scripting bugs in LXR
From: SourceForge.net <no...@so...> - 2010-01-05 22:04:45
Bugs item #2926043, was opened at 2010-01-05 06:26
Message generated for change (Comment added) made by mbox
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=390117&aid=2926043&group_id=27350

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Browsing
Group: v0.9.6
Status: Closed
Resolution: Accepted
Priority: 5
Private: No
Submitted By: Dan Rosenberg (drosenbe)
Assigned to: Malcolm Box (mbox)
Summary: Cross-Site Scripting bugs in LXR

Initial Comment:
Apologies if you've received duplicate e-mail from me, but I haven't received any response from the LXR SourceForge e-mail addresses.

There are several cross-site scripting vulnerabilities in LXR. These vulnerabilities could allow an attacker to execute scripts in a user's browser, steal cookies associated with vulnerable domains, redirect the user to malicious websites, etc. A proof-of-concept URL may look like:

http://www.example.com/lxr/ident?i=<script>alert('XSS')</script>

I have confirmed these vulnerabilities in LXR 0.9.6 and 0.9.5. The experimental LXR installation in use at lxr.linux.no is also vulnerable with certain settings.

This issue has been assigned CVE-2009-4497.

I have written a patch for this issue, and I'd be happy to work with you to resolve the problem. Please reply to discuss fixing and publishing this bug.

Thanks,
Dan Rosenberg

----------------------------------------------------------------------

>Comment By: Malcolm Box (mbox)
Date: 2010-01-05 22:04

Message:
Fixed in release 0.9.7

----------------------------------------------------------------------

Comment By: Malcolm Box (mbox)
Date: 2010-01-05 22:04

Message:
Fixed in release 0.9.7

----------------------------------------------------------------------

Comment By: Malcolm Box (mbox)
Date: 2010-01-05 22:04

Message:
This has now been fixed in the SF LXR codebase.

As for the maintenance status, I think the most accurate answer is "patchy", as in I'd be very happy to find someone else to take over...

----------------------------------------------------------------------

Comment By: Arne Georg Gleditsch (argggh)
Date: 2010-01-05 21:40

Message:
Thank you for your report. (This is the first I've seen of it -- what addresses did you try earlier?)

I'm honestly not sure what the maintenance status of the SF-hosted LXR code base is these days -- perhaps some of the other developers would like to speak up? I have not myself touched this code for some time.

Regarding the lxr.linux.no code base, I'd be more than happy to attend to any issues you have found. You can reach me directly on ar...@gl... if you wish.

----------------------------------------------------------------------
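
The class of bug reported in this thread (the `i=` parameter of `ident` reflected into the response) is closed by encoding the value on output. The Perl sketch below is an added illustration, not LXR's code and not the patch mentioned in the report. The sub names, the page fragment and the identifier pattern are assumptions; Perl is used because LXR is a Perl application.

```perl
#!/usr/bin/perl
# Added illustration; sub names and the page fragment are hypothetical, not LXR source.
use strict;
use warnings;

# Encode the characters that are significant in HTML text and in quoted
# attribute values, so reflected input is rendered as data, not markup.
my %ENTITY = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');

sub html_escape {
    my ($text) = @_;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    return $text;
}

# "Before": the i= value is copied into the page unchanged.
sub render_ident_unsafe {
    my ($ident) = @_;
    return qq{<h1>Identifier search: $ident</h1>\n}
         . qq{<input type="text" name="i" value="$ident">\n};
}

# "After": the same fragment with every reflection encoded on output.
sub render_ident_safe {
    my ($ident) = @_;
    my $safe = html_escape($ident);
    return qq{<h1>Identifier search: $safe</h1>\n}
         . qq{<input type="text" name="i" value="$safe">\n};
}

# Assumed extra check (defence in depth): treat only plain word-character
# names as identifiers and reject everything else before any lookup.
sub is_plausible_identifier {
    my ($ident) = @_;
    return $ident =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/ ? 1 : 0;
}

# Constructed inputs: the i= value quoted in the report, and an ordinary name.
for my $ident (q{<script>alert('XSS')</script>}, 'printk') {
    printf "input:   %s\nallowed: %s\n", $ident,
        is_plausible_identifier($ident) ? 'yes' : 'no';
    print "unsafe:\n", render_ident_unsafe($ident);
    print "safe:\n",   render_ident_safe($ident), "\n";
}
```

Output encoding is the actual fix; the identifier pattern is stricter than some languages allow and would need widening for names such as C++ qualified identifiers.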