FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_pagespeed -- critical cross-site scripting (XSS) vulnerability

Affected packages
mod_pagespeed < 1.2.24.2,1

Details

VuXML ID 4e23644c-cb93-4f83-9e20-5bc07ad9b39f
Discovery 2013-10-04
Entry 2013-10-28

mod_pagespeed developers report:

Various versions of mod_pagespeed are subject to critical cross-site scripting (XSS) vulnerability, CVE-2013-6111. This permits a hostile third party to execute JavaScript in users' browsers in context of the domain running mod_pagespeed, which could permit theft of users' cookies or data on the site.

References

CVE Name CVE-2013-6111