Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-4524

Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.

Related bugs and status

CVE-2010-4524 (Candidate) is related to these bugs:

Bug #741527: XSS issue in lists.launchpad.net

Summary				In	Importance	Status
	741527	XSS issue in lists.launchpad.net		Launchpad itself	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.vupen.com/e...
MISC: http://www.vupen.com/e...
MISC: http://lists.mandriva....
MISC: http://www.mail-archiv...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: http://openwall.com/li...
MISC: http://bugs.debian.org...
MISC: http://savannah.nongnu...
MISC: https://bugzilla.redha...