oss-sec mailing list archives
CVE duplicates SA-CONTRIB-2013-075
From: Henri Salo <henri () nerv fi>
Date: Sat, 5 Oct 2013 14:10:44 +0300
Advisory https://drupal.org/node/2087055 says: CVE-2013-4381 (XSS) CVE-2013-4382 (CSRF) Are these duplicate CVEs with CVEs below or is there something I am missing? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5937 Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5938 Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE duplicates SA-CONTRIB-2013-075 Henri Salo (Oct 05)
- Re: CVE duplicates SA-CONTRIB-2013-075 Forest Monsen (Oct 18)
- Re: CVE duplicates SA-CONTRIB-2013-075 Henri Salo (Oct 21)
- RE: Re: CVE duplicates SA-CONTRIB-2013-075 Christey, Steven M. (Oct 21)
- Re: Re: CVE duplicates SA-CONTRIB-2013-075 Kurt Seifried (Oct 21)
- Re: Re: CVE duplicates SA-CONTRIB-2013-075 Forest Monsen (Oct 22)
- Re: CVE duplicates SA-CONTRIB-2013-075 Henri Salo (Oct 21)
- Re: CVE duplicates SA-CONTRIB-2013-075 Forest Monsen (Oct 18)