CVE-2012-1410
Published: 29 February 2012
Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.
Priority
Status
Package | Release | Status |
---|---|---|
kadu Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
(0.6.5.4.ds1-3ubuntu2)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Not vulnerable
(0.11.1-2)
|
|
quantal |
Not vulnerable
(0.11.1-2)
|
|
raring |
Not vulnerable
(0.11.1-2)
|
|
upstream |
Not vulnerable
(0.11.1-2)
|
|
Patches: upstream: https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52 upstream: https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84 upstream: https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0 upstream: https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6 |