Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 14 Mar 2015 11:22:04 +0100
From: Damien Regad <dregad@...tisbt.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6316: URL redirection issue in MantisBT

On 2014-12-05 23:35, P Richards wrote:
> "Paul Richards also found another redirection issue in permalink_page.php,
 > which turned out to have the same root cause."
>
> And nik-picking here, but the issue that I identified in permalink_page.php
 > I believe was a cross site scripting issue and not a URL redirection
 > vulnerability so should probably be allocated a separate CVE
 > identifier?

For the record, you reported it to me as a redirection, in the PDF 
document you sent by e-mail.

Anyway, since I came upon this following up on another user's report for 
the same issue, I'm setting things straight now with a CVE request for 
the XSS:

http://thread.gmane.org/gmane.comp.security.oss.general/16119


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ