A cross-site scripting flaw was found in AskBot, a question and answer forum written in Python and Django.
The flaw can be triggered by appending, for example:
to a question page on a vulnerable AskBot deployment.
This flaw is reported to be fixed in the latest release of AskBot, though it is unclear which one that is. askbot-0.7.51-4.el6.noarch is definitely vulnerable. The upstream changelog is not up-to-date:
Created askbot tracking bugs for this issue:
Affects: fedora-20 [bug 1221618]
Affects: epel-6 [bug 1221619]
Could you give me more information about the bug? I tested what you wrote but I couldn't trigger it.
Red Hat would like to thank Harsha Vardhan Boppana (@hvboppana) for reporting this issue.
Created attachment 1044309
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.