[CKAN-Security] XSS for multiple sites

Adrià Mercader adria.mercader at okfn.org
Thu Sep 14 13:02:46 UTC 2017


How does this site work? How can we get the details?

On 14 September 2017 at 13:52, David Read <david.read at hackneyworkshop.com>
wrote:

> To: CKAN Security list,
>
> I got alerted to this report of XSS on a number of CKAN sites:
>
> https://www.openbugbounty.org/reports/294186/
>
> I don't know the details of the specific problem, but I'm asking via
> my contacts.
> The CKAN versions on the list seem pretty broad and include the latest
> e.g.
>
> CKAN 2.2.4 https://data.england.nhs.uk/api/util/status
> CKAN 2.6.2 https://www.opendatani.gov.uk/api/util/status
>
> David
> _______________________________________________
> CKAN security
> https://lists.okfn.org/mailman/listinfo/security
> https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
>
> Repo: https://github.com/ckan/ckan-security
>