Red Hat Bugzilla – Bug 490902
CVE-2009-0934 ejabberd: XSS vulnerability
Last modified: 2016-03-04 05:51:37 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0934 to the following vulnerability:
Reference: MLIST:[oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd
Reference: URL: http://www.openwall.com/lists/oss-security/2009/03/16/1
Reference: CONFIRM: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204
Reference: URL: http://www.securityfocus.com/bid/34133
Reference: URL: http://secunia.com/advisories/34340
Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
I see that 2.0.4 is in testing and rawhide, so it just needs to be pushed to stable/updates for this to be corrected.
ejabberd-2.0.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ejabberd-2.0.4-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
OK, pushed to Fedora repositories. I'm closing this ticket.