[Bug 231729] New: trac < 0.10.3.1 XSS

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231729 Summary: trac < 0.10.3.1 XSS Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: trac AssignedTo: jeff(a)ocjtech.us ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list@redhat.com,limb(a)jcomserv.net http://secunia.com/advisories/24470 http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1 "The vulnerability is caused due to an error within the "download wiki page as text" function, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation may require that the victim uses IE." Based on version numbers, all FE5+ releases affected. (No CVE id yet AFAIK) -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.