[CKAN-Security] XSS for multiple sites

David Read david.read at hackneyworkshop.com
Thu Sep 14 14:19:10 UTC 2017


Adria,

I believe you have to be the site owner to get the details.
*Virderum* run opendatani.gov.uk
*LinkDigital* run some of the Australian ones. Are any reps from them
on this list?

David

On 14 September 2017 at 14:02, Adrià Mercader <adria.mercader at okfn.org> wrote:
> How does this site work? How can we get the details?
>
> On 14 September 2017 at 13:52, David Read <david.read at hackneyworkshop.com>
> wrote:
>>
>> To: CKAN Security list,
>>
>> I got alerted to this report of XSS on a number of CKAN sites:
>>
>> https://www.openbugbounty.org/reports/294186/
>>
>> I don't know the details of the specific problem, but I'm asking via
>> my contacts.
>> The CKAN versions on the list seem pretty broad and include the latest
>> e.g.
>>
>> CKAN 2.2.4 https://data.england.nhs.uk/api/util/status
>> CKAN 2.6.2 https://www.opendatani.gov.uk/api/util/status
>>
>> David
>> _______________________________________________
>> CKAN security
>> https://lists.okfn.org/mailman/listinfo/security
>> https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
>>
>> Repo: https://github.com/ckan/ckan-security


