Date: Sun, 25 Dec 2011 16:37:51 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: security@...mla.org
Subject: CVE-request for three 2009 Joomla issues (second part)

Can I get three CVEs assigned for these issues:

1) "Input passed via the "HTTP_REFERER" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site."
http://developer.joomla.org/security/news/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html
http://osvdb.org/show/osvdb/55589

2) "Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site."
http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html
http://osvdb.org/show/osvdb/55590

3) "A security issue exists due to certain files missing the check for JEXEC, which can lead to the disclosure of path information."
http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html (different than 302-20090722-core-missing-jexec-check.html)
http://osvdb.org/show/osvdb/55591

Secunia advisory: http://secunia.com/advisories/35668/

- Henri Salo