Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Jul 2014 20:59:19 +0200
From: Adan Alvarez <>
Subject: Duplicated CVE - Cacti XSS


I requested a CVE to mitre three days ago because of the security bug I


Unfortunately, there are currently two CVE assigned to this security issue:
CVE-2014-5025 and CVE-2014-5026.

So I don't know what should I do.

On the other hand,  I just discovered another XSS vulnerability that is not
solved by the current patch.

Here you have the details to reproduce it:

Create a new user or edit an existing one with the following Full Name:
Then go to System Utilities - View User Log, and if the user has logged in
you will see a popup with the text "XSS".

Maybe the CVE-2014-5043 can by used to identify this last discovery.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ