Date: Fri, 5 Dec 2014 22:35:15 -0000 From: "P Richards" <paul@...tisforge.org> To: <oss-security@...ts.openwall.com>, "'Damien Regad'" <dregad@...tisbt.org>, <cve-assign@...re.org> Subject: RE: CVE-2014-6316: URL redirection issue in MantisBT "Paul Richards also found another redirection issue in permalink_page.php, which turned out to have the same root cause." And nik-picking here, but the issue that I identified in permalink_page.php I believe was a cross site scripting issue and not a URL redirection vulnerability so should probably be allocated a separate CVE identifier? The http request headers of the permalink_page.php issue that I recall are at http://tinypic.com/r/2dh8y1f/8 and relate to a XSS vulnerability and not a URL Redirection as shown in the image linked.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.