Date: Tue, 1 Oct 2013 19:23:28 -0500 (CDT)
From: security curmudgeon <>
Subject: Re: CVE request: Simple Machines Forum (SMF) <= 2.0.5 - multiple

From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 01 Oct 2013 10:07:22 -0600

Please use CVE-2013-4395 for the XSS vuln.


Which XSS vuln? =) That thread was messy, but Henri and others appear to 
have identified and/or confirmed four different ones:

/Sources/ManageServer.php Multiple XSS;file=smf_patch_2.0.5.tar.gz;smf_version=2.0.4

index.php admin Action board_name Parameter Stored XSS

index.php pm Action sa Parameter Stored XSS

index.php admin Action desc Parameter Stored XSS

That is what I took away from the entire thread at least. Can someone 
confirm this is correct, and can you confirm the CVE assignment please 

