Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 23 Mar 2015 20:27:06 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: Rehan Ahmed <knight_rehan@...mail.com>
Subject: CVE request: Chamilo LMS 1.9.10 Multiple XSS & CSRF Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Advisory URL: http://seclists.org/fulldisclosure/2015/Mar/125
Software URL: www.chamilo.org https://github.com/chamilo/chamilo-lms/

"""Chamilo LMS 1.9.10 or prior versions are prone to a multiple Cross-Site
Scripting (Stored + Reflected) & CSRF vulnerabilities. These vulnerabilities
allows an attacker to gain control over valid user accounts in LMS, perform
operations on their behalf, redirect them to malicious sites, steal their
credentials, and more."""

Fixed in: 1.9.11

- -- 
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVEFr6AAoJECet96ROqnV08BgP/3NH5eW1Vf88ZjhKT99iUwEH
VxfsvRPVecX0VbZz7cBQ1PcfJAux7qft6SpSECGJNWrwLm1pwVPzsxt2ZB+bD5w6
oOkXCYVUKqp7Zc2CyB3Fde1M2K1tH6dQnLrhHwkYjhXGPqtHb8BgOf7A9AdI7W8x
ZQB5vwfh1hgXkdH4o6h/aU53IdKAMPN37apUHcIG6VJ7myEbjGvBOxa1aUeGYTXg
a7fNnbN8lIJrXqNGX29luttLeeMROkYYRZUzGXc29otCGrz7yCEySgPwQ0J8qQFj
Wkcx9FQaGrWfx7XsRnPzxeM33sR+VPTB5+ApnaFqpPJr1Ifq3mu4Hf4bzytp5C5y
91j6lIyimb4bYPCSW9L7xy+pQVIc8EbMNh6PaNku6f9Ap/DG0EVdsz0woTBRto4g
JdbCoJWzrEUGN2Lw4QK79DOCAie8SfJovUteg38rN86uJyG456N0rAmqfAAjWvAM
JDjOEzqxlDoRaoPqDhkukv/JbVSzLm3zr6KuXlM66Gk6FqKGB/+vNrz26wWM880Q
Pnu3Eck45yvy+Hlwxvv54i162EdgD39EGmAlb0ef+ziu1Ml4SYkxeQnm3ywIAvH+
ypbV0pyPwq1Wu8RbTRdVTwVGHe0WRPHWwBVIoCFfaLzuv5xX7wAHziuM6klkOVoE
ULS6Hpw949OCSmauAxcS
=hUg1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.