Date: Sat, 12 Mar 2016 12:25:44 +0200
From: Henri Salo <henri@...v.fi>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: XSS in WP Super Cache < 1.4.3

On Sun, Apr 05, 2015 at 09:07:23AM +0200, Hanno Böck wrote:
> https://wordpress.org/plugins/wp-super-cache/changelog/
> 
> 1.4.3
> Security release fixing an XSS bug in the settings page. Props Marc
> Montpas from Sucuri.

Also, the post http://www.openwall.com/lists/oss-security/2015/04/05/2 notes that
this might be the related commit:

https://plugins.trac.wordpress.org/changeset/1127138

This case still seems to be unassigned. Is it possible to get a CVE assigned for
this vulnerability, thank you? WP Super Cache does have over a million active
installations according to the WordPress Plugin Directory. Is there a reason
that this never got assigned? If additional information is needed, I can provide
it.

--
Henri Salo
