Date: Tue, 7 Dec 2010 14:58:32 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: vanilla forums before 2.0.10, xss ----- "Steven M. Christey" <coley@...us.mitre.org> wrote: > > > > As for the "linkbait" issue, I have no clue. Nothing in git seems to > > point at that. > > > > Steve, does MITRE have a precedent for such a thing? > > The vendor is calling it a "vulnerability" which is good enough to assign > a CVE to, as a different vuln type than XSS. > > My guess is that it's open redirect, which is used to redirect users away > from the site towards spam or malware. Just a guess, though. > Let's use CVE-2010-4266 then. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.