Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 21 Apr 2016 10:55:46 -0400 (EDT)
From: cve-assign@...re.org
To: fr@...egrity.pt
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: Stored Cross-Site Scripting in TYPO3 Bookmarks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Can I have a CVE ID assigned to this Stored Cross-Site Scripting in
> TYPO3 Bookmarks?
> 
> https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/

>> Problem Description: Failing to properly encode incoming data, the
>> bookmark toolbar is susceptible to Cross-Site Scripting.

> https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/

>> To replicate this issue we go to any page and click on "Create a
>> bookmark to this page".
>> 
>> And now grab the POST request that is being passed to the server and
>> change the "module" parameter to your payload.

Use CVE-2016-4056.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXGOkgAAoJEHb/MwWLVhi2FiQP/1qjggqrBC8qjEN+PgJPeIhf
yLRSxbpXpmPJpaP/P5B/z71babzUFCYmzlyPLaDgvokdn4oLUHZL+C+FVpoS7nNr
D6Wj35JWhwbgwN8bjvmtjH61K7viFHMG3M/kVx+edt8pRAYVgzwoiX0+f6epYoJX
j9iEx76NRFeKLiNoolR27i/j3MirMaljPE3HBle9x3uIf7ClGPHGoORv2532gkU3
TImXvpCbPHORGCM/2WZWeoYRvhMCnA21pPS8nZvptQ2o15Risno2A98np03H4iBj
rIu3xV0U9wBMElp5ZooK5tiWhplkXKMnjZuATRfI8t6rBZbU5oW2/zUzWglPTgxt
czJN2TnqWgxA+ZSEHVRHBEXU7OBy5daRIHFYKlfkUmA7n+LeHcQkJ4zaxnwqENLB
LTwtxgZAzQEELy2ODqmxVs/oz6rsTZf2CknuRpLJUxtQ/6RSIhZC5ivdNV8pPMNY
3e/peVhCjO0NXFGPjygB3EcfPdQ/fcuTMaNsvRV9MqvwTerWgixciXtoELa/FI92
lzxsgb34paE/eAuQvDa3aPxwLk+OySXwKm4EQY2F1NW3ilFCx+Eh/Ajv/c3Jh4kM
rTR0MHo1VEiM3xs/NXyVnKgPhx0mvS+M/o5Gi6sI7K+7z3P6e6+DkrFzB8W2TIk6
EgycOanoaCIcW/KAQcc1
=263O
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ