Date: Tue, 3 Jan 2012 20:29:46 +0200
From: Netsparker Advisories <advisories@...itunasecurity.com>
To: kseifried@...hat.com
Cc: oss-security@...ts.openwall.com, Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: Symphony CMS Multiple Cross-Site
 Scripting and SQL Injection Vulnerabilities (NS-11-008)

Hello,

We are assigning these identifiers to the advisory.

Thanks,

On 22 November 2011 21:52, Kurt Seifried <kseifried@...hat.com> wrote:
> On 11/22/2011 04:09 AM, Henri Salo wrote:
>> Can we assign CVE-identifiers for these three issues, thank you?
>>
>> Found from: 2.2.3
>> Fixed in: 2.2.4
>>
>> 1. http://osvdb.org/show/osvdb/76882 / SA46663
>> extensions/profiledevkit/content/content.profile.php profile-parameter XSS
>>
>> 2. http://osvdb.org/show/osvdb/76883 / SA46663
>> symphony/lib/core/class.symphony.php filter-parameter XSS
>
> Ok merging these two issues (as per ADT4 specification)  please use
> CVE-2011-4340 for this issue.
>
>
>> 3. http://osvdb.org/show/osvdb/76884 / SA46663
>> symphony/content/content.publish.ph filter-parameter SQL injection
>> (Different than CVE-2010-3458)
>
> Please use CVE-2011-4341 for this issue.
>> References:
>> http://seclists.org/bugtraq/2011/Nov/8
>> http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/
>> http://secunia.com/advisories/46663/
>> Advisory Reference: NS-11-008
>>
>> - Henri Salo
>
>
> --
>
> -Kurt Seifried / Red Hat Security Response Team
>



-- 
Netsparker Advisories, <advisories@...itunasecurity.com>
Homepage, http://www.mavitunasecurity.com/netsparker-advisories/
