oss-sec mailing list archives
Re: CVE request: phorum < 5.2.15 backend XSS
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 18 May 2010 13:36:27 -0400 (EDT)
On Tue, 18 May 2010, Josh Bressers wrote:
----- "Hanno Böck" <hanno () hboeck de> wrote:Release notes: http://www.facebook.com/note.php?note_id=371190874581 "It also has some security fixes for another less important XSS where a user could "attack himself" with adding an invalid email address (thanks to Carlos Ghan for pointing out this issue), see the changelog below for details. "Does someone have some additional details for this? I don't see enough information for me to assign a CVE id.
Welcome to daily life in CVE.In this case we have an announcement from the vendor alluding to at least one security problem, and a fix for it. This is (unfortunately) sufficient for us to assign a CVE to it.
- Steve
Current thread:
- CVE request: phorum < 5.2.15 backend XSS Hanno Böck (May 16)
- Re: CVE request: phorum < 5.2.15 backend XSS Josh Bressers (May 18)
- Re: CVE request: phorum < 5.2.15 backend XSS Steven M. Christey (May 18)
- Re: CVE request: phorum < 5.2.15 backend XSS Josh Bressers (May 18)
- Re: CVE request: phorum < 5.2.15 backend XSS Steven M. Christey (May 18)
- Re: CVE request: phorum < 5.2.15 backend XSS Josh Bressers (May 18)