| <html> |
| <head> |
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
| <title>mod_pagespeed Security Advisory: Cross-Site Scripting</title> |
| <link rel="stylesheet" href="doc.css"> |
| </head> |
| <body> |
| <!--#include virtual="_header.html" --> |
| |
| |
| <div id=content> |
| <h1>mod_pagespeed Security Advisory: Cross-Site Scripting</h1> |
| <dl> |
| <dt>CVE Identifier:</dt> |
| <dd>CVE-2012-4360</dd> |
| <dt>Disclosed:</dt> |
| <dd>September 12, 2012</dd> |
| <dt>Versions Affected:</dt> |
| <dd>mod_pagespeed versions 0.10.19.1 through 0.10.22.4 (inclusive). |
| Versions 0.9.18.6 and earlier are unaffected.</dd> |
| <dt>Summary:</dt> |
| <dd>mod_pagespeed performs insufficient escaping in some cases, which can |
| permit a hostile third party to inject JavaScript that runs in the context of |
| the site.</dd> |
| <dt>Solution:</dt> |
| <dd>mod_pagespeed 0.10.22.6 has been released with a fix.</dd> |
| </dl> |
| </div> |
| <!--#include virtual="_footer.html" --> |
| </body> |
| </html> |