Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231729 Summary: trac < 0.10.3.1 XSS Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: trac AssignedTo: jeff@xxxxxxxxxx ReportedBy: ville.skytta@xxxxxx QAContact: extras-qa@xxxxxxxxxxxxxxxxx CC: fedora-security-list@xxxxxxxxxx,limb@xxxxxxxxxxxx http://secunia.com/advisories/24470 http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1 "The vulnerability is caused due to an error within the "download wiki page as text" function, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation may require that the victim uses IE." Based on version numbers, all FE5+ releases affected. (No CVE id yet AFAIK) -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list