Date: Thu, 16 Sep 2010 16:10:27 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: mantis before 1.2.3 (XSS) ----- "Kurt Seifried" <kurt@...fried.org> wrote: > > These four have no CVE #: > - 0012231: [security] XSS vulnerability when uninstalling maliciously > named plugins (dhx) - resolved. > - 0012232: [security] Multiple XSS issues with custom field > enumeration values (dhx) - resolved. > - 0012234: [security] XSS issues when using custom field String > values > (dhx) - resolved. > - 0012238: [security] XSS in print_all_bug_page_word.php when > printing > project and category names (dhx) - resolved. > I'm assigning one ID to all four of these. If someone thinks they should be split, let me know. Use CVE-2010-3303 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ