Re: CVE request: phorum < 5.2.15 backend XSS

["Steven M. Christey" <coley () linus mitre org>]

On Tue, 18 May 2010, Josh Bressers wrote:

> ----- "Hanno Böck" <hanno () hboeck de> wrote:
>
> > Release notes:
> > http://www.facebook.com/note.php?note_id=371190874581
> >
> >
> > "It also has some security fixes for another less important XSS where a
> > user could "attack himself" with adding an invalid email address (thanks
> > to Carlos Ghan for pointing out this issue), see the changelog below for
> > details. "
>
> Does someone have some additional details for this? I don't see enough
> information for me to assign a CVE id.

Welcome to daily life in CVE.

In this case we have an announcement from the vendor alluding to at least 
one security problem, and a fix for it.  This is (unfortunately) 
sufficient for us to assign a CVE to it.

- Steve