Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Dec 2010 14:58:32 -0500 (EST)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE request: vanilla forums before 2.0.10, xss

----- "Steven M. Christey" <> wrote:
> >
> > As for the "linkbait" issue, I have no clue. Nothing in git seems to
> > point at that.
> >
> > Steve, does MITRE have a precedent for such a thing?
> The vendor is calling it a "vulnerability" which is good enough to assign
> a CVE to, as a different vuln type than XSS.
> My guess is that it's open redirect, which is used to redirect users away
> from the site towards spam or malware.  Just a guess, though.

Let's use CVE-2010-4266 then.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ