[CKAN-Security] XSS for multiple sites

Adrià Mercader adria.mercader at okfn.org
Thu Sep 14 14:20:43 UTC 2017


> If you are the website owner or administrator please contact the
> researcher <https://www.openbugbounty.org/researchers/Spam404/> directly to
> get vulnerability details and proceed to coordinated disclosure.

I'll try first emailing him and telling him I'm one of the maintainers, and
if that doesn't work we'll have to do it via a Link Digital / Viderum site.

On 14 September 2017 at 15:19, David Read <david.read at hackneyworkshop.com>
wrote:

> Adria,
>
> I believe you have to be the site owner to get the details.
> *Viderum* run opendatani.gov.uk
> *LinkDigital* run some of the Australian ones. Are any reps from them
> on this list?
>
> David
>
> On 14 September 2017 at 14:02, Adrià Mercader <adria.mercader at okfn.org>
> wrote:
> > How does this site work? How can we get the details?
> >
> > On 14 September 2017 at 13:52, David Read <david.read at hackneyworkshop.com>
> > wrote:
> >>
> >> To: CKAN Security list,
> >>
> >> I got alerted to this report of XSS on a number of CKAN sites:
> >>
> >> https://www.openbugbounty.org/reports/294186/
> >>
> >> I don't know the details of the specific problem, but I'm asking via
> >> my contacts.
> >> The CKAN versions on the list seem pretty broad and include the latest,
> >> e.g.
> >>
> >> CKAN 2.2.4 https://data.england.nhs.uk/api/util/status
> >> CKAN 2.6.2 https://www.opendatani.gov.uk/api/util/status
> >>
> >> David
> >> _______________________________________________
> >> CKAN security
> >> https://lists.okfn.org/mailman/listinfo/security
> >> https://lists.okfn.org/mailman/options/security/adria.mercader%40okfn.org
> >>
> >> Repo: https://github.com/ckan/ckan-security