html/doc/CVE-2012-4360.html - incubator-pagespeed-mod - Git at Google

 <html>
   <head>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <title>mod_pagespeed Security Advisory: Cross-Site Scripting</title>
     <link rel="stylesheet" href="doc.css">
   </head>
   <body>
 <!--#include virtual="_header.html" -->


   <div id=content>
 <h1>mod_pagespeed Security Advisory: Cross-Site Scripting</h1>
 <dl>
   <dt>CVE Identifier:</dt>
     <dd>CVE-2012-4360</dd>
   <dt>Disclosed:</dt>
     <dd>September 12, 2012</dd>
   <dt>Versions Affected:</dt>
     <dd>mod_pagespeed versions 0.10.19.1 through 0.10.22.4 (inclusive).
     Versions 0.9.18.6 and earlier are unaffected.</dd>
   <dt>Summary:</dt>
     <dd>mod_pagespeed performs insufficient escaping in some cases, which can
     permit a hostile 3rd party to inject JavaScript running in context of
     the site.</dd>
   <dt>Solution:</dt>
     <dd>mod_pagespeed 0.10.22.6 has been released with a fix.</dd>
   </div>
   <!--#include virtual="_footer.html" -->
   </body>
 </html>
	<html>
	<head>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>mod_pagespeed Security Advisory: Cross-Site Scripting</title>
	<link rel="stylesheet" href="doc.css">
	</head>
	<body>
	<!--#include virtual="_header.html" -->


	<div id=content>
	<h1>mod_pagespeed Security Advisory: Cross-Site Scripting</h1>
	<dl>
	<dt>CVE Identifier:</dt>
	<dd>CVE-2012-4360</dd>
	<dt>Disclosed:</dt>
	<dd>September 12, 2012</dd>
	<dt>Versions Affected:</dt>
	<dd>mod_pagespeed versions 0.10.19.1 through 0.10.22.4 (inclusive).
	Versions 0.9.18.6 and earlier are unaffected.</dd>
	<dt>Summary:</dt>
	<dd>mod_pagespeed performs insufficient escaping in some cases, which can
	permit a hostile 3rd party to inject JavaScript running in context of
	the site.</dd>
	<dt>Solution:</dt>
	<dd>mod_pagespeed 0.10.22.6 has been released with a fix.</dd>
	</div>
	<!--#include virtual="_footer.html" -->
	</body>
	</html>