Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Dec 2010 14:58:32 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: vanilla forums before 2.0.10, xss


----- "Steven M. Christey" <coley@...us.mitre.org> wrote:
> >
> > As for the "linkbait" issue, I have no clue. Nothing in git seems to
> > point at that.
> >
> > Steve, does MITRE have a precedent for such a thing?
> 
> The vendor is calling it a "vulnerability" which is good enough to assign
> a CVE to, as a different vuln type than XSS.
> 
> My guess is that it's open redirect, which is used to redirect users away
> from the site towards spam or malware.  Just a guess, though.
> 

Let's use CVE-2010-4266 then.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.