Date: Tue, 28 Aug 2012 01:07:20 -0500 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: letodms multiple issues On Tuesday 28 August 2012 00:49:51 Kurt Seifried wrote: > Welp if someone summarizes it I'll assign CVE's happily =). As per EDB-ID: 20759, there are at least the following issues: > 1. Reflected XSS in Login Page. But in fact it's not just the login page. However, since it's the same kind of vulnerability, I'd just assign one for all the out/ reflected XSS'. > 2. Stored XSS in Document Owner/User name (when viewing user document). > 3. Stored XS in Calendar. Perhaps those two could be covered by only one id. > 4. Change Password CSRF. And this one definitely needs its own id. If one is to review the code base, there are probably many more. The changes made to the SQL queries are just a hint. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.