<< Bundesamt für Bildqualität in der Informationstechnik | Home | Funktioniert nicht? Nicht schlimm! >>

Security Notes for pebble

xss issues in 2.3.1 and trunk, released 2.3.2

Recently some XSS issues where found in pebble, a lightweight Java blogging engine, released under the BSD license. One of these bugs was effective in the current release 2.3.1 which has just been updated to 2.3.2 due to this bug.

The first one, published on the mailing list on 08.02.2009, was an issue about comments and the handling of info messages in the current trunk and has been fixed in the current nightly build.

Following this announcement, James Roper found another XSS vulnerability, this time also in 2.3.1, as well as in trunk. This is an issue with the referrer log displaying unsanitized referrers.

This issue is fixed in version 2.3.2 as well as in the trunk nightly build.

Thank you to James for finding and reporting this issue.

Kommentar hinzufügen Trackback senden