[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-request: Elxis CMS two XSS-vulnerabilities
From: Kurt Seifried <kseifrie () redhat ! com>
Date: 2011-12-31 21:20:01
Message-ID: 4EFF7C81.3050308 () redhat ! com
[Download RAW message or body]
On 12/30/2011 04:49 AM, Henri Salo wrote:
> 1) Input passed to the "task" parameter in index.php (when "option" is set to "com_content") \
> is not properly sanitised before being returned to the user. This can be exploited to execute \
> arbitrary HTML and script code in a user's browser session in context of an affected site. \
> http://osvdb.org/show/osvdb/77563
> 2) Input passed via the URL to administrator/index.php is not properly sanitised before being \
> returned to the user. This can be exploited to execute arbitrary HTML and script code in a \
> user's browser session in context of an affected site. http://osvdb.org/show/osvdb/77564
Merging these two issues as per ADT4:
At this stage, X and Y are the same bug type, affect the same versions,
and affect the same products.
Do X and Y have any of the following characteristics?
* X appears in a different DLL, library, or program than Y (e.g. X
affects LIB1.DLL and Y affects LIB2.DLL)
* X has more serious impact than Y (e.g. code execution as root versus
leak of system pathname)
* X takes a different input parameter/argument than Y (e.g. SQL
injection in both the "user" and "password" parameters)
* X is exploitable locally, but Y is not.
* X requires stronger authentication than Y.
* X can be exploited by a certain user that Y can not (e.g. a guest
user vs. an admin)
*Yes:* *MERGE
*Please use CVE-2011-4918 for these two issues
*
*
>
> http://secunia.com/advisories/47073/
>
> Fixed in same version "2009.3 Aphrodite rev2684" so one CVE-identifier might be enough.
>
> - Henri Salo
Does anyone have a contact name for Secunia with respect to
co-ordinating CVE assignments better?
--
-- Kurt Seifried / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic