Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 14 Aug 2014 00:57:36 -0400
From: Andrew Nacin <nacin@...dpress.org>
To: cve-assign@...re.org
Cc: Open Source Security <oss-security@...ts.openwall.com>
Subject: Re: WordPress 3.9.2 release - needs CVE's

On Wed, Aug 13, 2014 at 1:47 AM, <cve-assign@...re.org> wrote:
>
>  > XSS: https://core.trac.wordpress.org/changeset/29398
>
> We think this can have a CVE ID only if it allows privilege escalation
> from Administrator to Super Admin in a Multisite installation. Does
> it? (On other installations, Administrator has the unfiltered_html
> capability.)
>

Yes.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ