Date: Fri, 23 Jan 2015 13:07:32 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload

On Fri, Jan 23, 2015 at 07:14:56AM +0100, Steffen Rösemann wrote:
> I found multiple reflecting/stored XSS- and SQLi-vulnerabilities as well as
> an unrestricted file upload in the CMS ferretCMS v.1.0.4 which is currently
> in the alpha development stage.

From https://github.com/JRogaishio/ferretCMS/issues/63

"""
However, please know that ferretCMS is in the 'alpha' development stage and as such is NOT recommended to be used on live websites.
"""

--
Henri Salo