Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 24 Feb 2014 09:07:43 -0500 (EST)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: XSS in MODX Revolution before 2.2.11

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> MODX Revolution 2.2.11 release announcement:
> http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss/
> says
> "Prevent XSS on actionVar in header.tpl in the Manager"
> 
> https://github.com/modxcms/revolution/commit/77463eb6a8090f474b04fdc1b72225cb93c558ea

Use CVE-2014-2080.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTC1A6AAoJEKllVAevmvmsxM0H/jAfv9SsQmSQYpihJ+ONHjuZ
7nbiaPaNZ8yTY4gnlXQD7r8aV8CT3k/tQ36jPd7zOWzuadszTWlYe6BjHDPXO9F9
qI4fMQal3w1piqa3q8dpQFgAOjBNXdwmMlKZ+oALrJ4iu5456HQexNRzmGyLJXdy
pe0BfHAnGCv1mzXhFqaP4Txqq2uI/1DchVoS9Poz+b7CboTz20UbvOOe9PnpLhju
+eKhz33rD8neS/u/OS+O8RbAVOVSZIl2Fbl+bXmjfhLT5xdyJQW49sSMNe0FIMjn
JzvbkGJhvVL5+SMoJIdJMTvqnSzTvzMExvnSBTa2KVgvDXcRl7CdYPTOwany0xU=
=wOIY
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ