"Fossies" - the Fresh Open Source Software Archive

Member "incubator-pagespeed-mod-1.14.36.1/html/doc/CVE-2012-4360.html" (28 Feb 2020, 1731 Bytes) of package /linux/www/apache_httpd_modules/incubator-pagespeed-mod-1.14.36.1.tar.gz:


Caution: In this restricted "Fossies" environment the current HTML page may not be correctly presentated and may have some non-functional links. You can here alternatively try to browse the pure source code or just view or download the uninterpreted raw source code. If the rendering is insufficient you may try to find and view the page on the incubator-pagespeed-mod-1.14.36.1.tar.gz project site itself.

mod_pagespeed Security Advisory: Cross-Site Scripting

CVE Identifier:
CVE-2012-4360
Disclosed:
September 12, 2012
Versions Affected:
mod_pagespeed versions 0.10.19.1 through 0.10.22.4 (inclusive). Versions 0.9.18.6 and earlier are unaffected.
Summary:
mod_pagespeed performs insufficient escaping in some cases, which can permit a hostile 3rd party to inject JavaScript running in context of the site.
Solution:
mod_pagespeed 0.10.22.6 has been released with a fix.