update for recent XSS
parent
3b27d8fafa
commit
02f745a675
|
@ -497,3 +497,12 @@ Raúl Benencia discovered an additional XSS exposure in the meta plugin.
|
|||
This hole was discovered on 16 May 2012 and fixed the same day with
|
||||
the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze,
|
||||
as version 3.20100815.9. An upgrade is recommended for all sites.
|
||||
|
||||
## XSS via openid selector
|
||||
|
||||
Raghav Bisht discovered this XSS in the openid selector.
|
||||
|
||||
The hole was reported on March 24th, a fix was developed on March 27th,
|
||||
and the fixed version was released on the 29th. A fix was backported
|
||||
to Debian wheezy as version 3.20141016.2. An upgrade is recommended for
|
||||
sites using CGI and openid.
|
||||
|
|
Loading…
Reference in New Issue