Date: Wed, 04 Jan 2012 00:02:48 -0700 From: Kurt Seifried <kseifrie@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: CVE-request: Multiple e107 vulnerabilities On 01/03/2012 03:04 PM, Henri Salo wrote: > 1) Multiple Script URI XSS > http://osvdb.org/show/osvdb/78047 > > 2) e107_admin/users.php resend_name Parameter XSS > http://osvdb.org/show/osvdb/78048 > > 3) User Signatures link BBCode XSS > http://osvdb.org/show/osvdb/78049 These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920 for these issues. > 4) usersettings.php username Parameter SQL Injection > http://osvdb.org/show/osvdb/78050 Please use CVE-2011-4921 for this issue. > > Secunia advisory: http://secunia.com/advisories/46706/ > > I do not know where to find SCM links. Secunia can probably help if needed. > > - Henri Salo http://e107.org/news.php?extend.885.2 http://e107.svn.sourceforge.net/viewvc/e107/ -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ