Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Jul 2014 20:59:19 +0200
From: Adan Alvarez <adan.alvarez.90@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Duplicated CVE - Cacti XSS

Hello,

I requested a CVE to mitre three days ago because of the security bug I
found: http://bugs.cacti.net/view.php?id=2456

CVE-2014-5043.

Unfortunately, there are currently two CVE assigned to this security issue:
CVE-2014-5025 and CVE-2014-5026.

So I don't know what should I do.

On the other hand,  I just discovered another XSS vulnerability that is not
solved by the current patch.

Here you have the details to reproduce it:

Create a new user or edit an existing one with the following Full Name:
[XSS]
Then go to System Utilities - View User Log, and if the user has logged in
you will see a popup with the text "XSS".

Maybe the CVE-2014-5043 can by used to identify this last discovery.

Regards,
Adan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ