Date: Tue, 18 May 2010 13:36:27 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: phorum < 5.2.15 backend XSS On Tue, 18 May 2010, Josh Bressers wrote: > ----- "Hanno Böck" <hanno@...eck.de> wrote: > >> Release notes: >> http://www.facebook.com/note.php?note_id=371190874581 >> >> >> "It also has some security fixes for another less important XSS where a >> user could "attack himself" with adding an invalid email address (thanks >> to Carlos Ghan for pointing out this issue), see the changelog below for >> details. " >> > > Does someone have some additional details for this? I don't see enough > information for me to assign a CVE id. Welcome to daily life in CVE. In this case we have an announcement from the vendor alluding to at least one security problem, and a fix for it. This is (unfortunately) sufficient for us to assign a CVE to it. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.