Red Hat Bugzilla – Bug 1221616
CVE-2015-3169 askbot: cross-site scripting flaw
Last modified: 2016-04-04 12:13:14 EDT
A cross-site scripting flaw was found in AskBot, a question and answer forum written in Python and Django.
The flaw can be triggered by appending, for example:
to a question page on a vulnerable AskBot deployment.
This flaw is reported to be fixed in the latest release of AskBot, though it is unclear which one that is. askbot-0.7.51-4.el6.noarch is definitely vulnerable. The upstream changelog is not up-to-date:
Created askbot tracking bugs for this issue:
Affects: fedora-20 [bug 1221618]
Affects: epel-6 [bug 1221619]
Could you give me more information about the bug? I tested what you wrote but I couldn't trigger it.
Red Hat would like to thank Harsha Vardhan Boppana (@hvboppana) for reporting this issue.
Created attachment 1044309