|
|
Subscribe / Log in / New account

sagemath: cross-site scripting

Package(s):sagemath CVE #(s):CVE-2012-4230
Created:December 22, 2014 Updated:January 6, 2015
Description: From the CVE entry:

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.

Alerts:
Fedora FEDORA-2014-17461 roundcubemail 2015-01-06
Fedora FEDORA-2014-17450 roundcubemail 2015-01-06
Fedora FEDORA-2014-16667 sagemath 2014-12-21
Fedora FEDORA-2014-16756 sagemath 2014-12-19
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds