Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 May 2012 18:53:05 -0600
From: Greg Knaddison <>
Subject: CVE Request for Drupal contributed modules


First, thanks to Kurt for getting us CVEs in advance on Drupal core's
latest release at with CVEs on each

This is a CVE request for the following contributed module issues:  SA-CONTRIB-2012-072 - cctags - Cross
Site Scripting (XSS)  SA-CONTRIB-2012-071 - Glossify - Cross
Site Scripting (XSS) - Unsupported  SA-CONTRIB-2012-070 - Taxonomy Grid :
Catalog - Cross Site Scripting (XSS) - Unsupported  SA-CONTRIB-2012-069 - Addressbook -
Multiple vulnerabilities - Unsupported  SA-CONTRIB-2012-068 - Node Gallery -
Cross Site Request Forgery (CSRF) - Unsupported  SA-CONTRIB-2012-067 - Linkit - Access bypass  SA-CONTRIB-2012-066 - Spaces and
Spaces OG - Access Bypass  SA-CONTRIB-2012-065 - Sitedoc -
Information disclosure  SA-CONTRIB-2012-064 - Ubercart -
Multiple vulnerabilities  SA-CONTRIB-2012-063 - RealName - Cross
Site Scripting (XSS)  SA-CONTRIB-2012-062 - Creative Commons
- Cross Site Scripting (XSS)

Other issues from 2012 that don't have a CVE per your policies:  SA-CONTRIB-2012-056 - Janrain Engage -
Sensitive Data Protection Vulnerability  SA-CONTRIB-2012-050 - CDN2 Video - Unsupported


Director Security Services | +1-720-310-5623
Skype: greg.knaddison | |

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ