Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.GSO.4.64.1005181335260.13965@faron.mitre.org>
Date: Tue, 18 May 2010 13:36:27 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: phorum < 5.2.15 backend XSS


On Tue, 18 May 2010, Josh Bressers wrote:

> ----- "Hanno Böck" <hanno@...eck.de> wrote:
>
>> Release notes:
>> http://www.facebook.com/note.php?note_id=371190874581
>>
>>
>> "It also has some security fixes for another less important XSS where a
>> user could "attack himself" with adding an invalid email address (thanks
>> to Carlos Ghan for pointing out this issue), see the changelog below for
>> details. "
>>
>
> Does someone have some additional details for this? I don't see enough
> information for me to assign a CVE id.

Welcome to daily life in CVE.

In this case we have an announcement from the vendor alluding to at least 
one security problem, and a fix for it.  This is (unfortunately) 
sufficient for us to assign a CVE to it.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.