Date: Sat, 14 Mar 2015 11:22:04 +0100 From: Damien Regad <dregad@...tisbt.org> To: oss-security@...ts.openwall.com Subject: Re: CVE-2014-6316: URL redirection issue in MantisBT On 2014-12-05 23:35, P Richards wrote: > "Paul Richards also found another redirection issue in permalink_page.php, > which turned out to have the same root cause." > > And nik-picking here, but the issue that I identified in permalink_page.php > I believe was a cross site scripting issue and not a URL redirection > vulnerability so should probably be allocated a separate CVE > identifier? For the record, you reported it to me as a redirection, in the PDF document you sent by e-mail. Anyway, since I came upon this following up on another user's report for the same issue, I'm setting things straight now with a CVE request for the XSS: http://thread.gmane.org/gmane.comp.security.oss.general/16119
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ