
List:       oss-security
Subject:    [oss-security] Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities
From:       cve-assign () mitre ! org
Date:       2015-02-28 3:28:01
Message-ID: 20150228032801.72B1342E0A8 () smtpvbsrv1 ! mitre ! org

> /admin/index.php?module=config-attachment_types&action=add
> /admin/index.php?module=config-mycode&action=add
> /admin/index.php?module=forum-management&action=add
> /admin/index.php?module=user-groups&action=add
> /admin/index.php?module=style-templates&action=add_set
> /admin/index.php?module=style-templates&action=add_template_group
> /admin/index.php?module=tools-tasks&action=add
> /admin/index.php?module=config-post_icons&action=add
> /admin/index.php?module=user-titles&action=add
> /admin/index.php?module=config-banning&type=usernames

Use CVE-2015-2149 for all of these XSS issues. Note that the scope of
CVE-2015-2149 is limited to the "Low Risk: Multiple XSS vulnerability
requiring admin permissions – reported by adamziaja, Devilshakerz,
DingjieYang and sroesemann" section of the
http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/
post, and does not include anything discovered by anyone else. The
other MyBB vulnerabilities fixed in 1.8.4 will most likely all have
CVE assignments on cve.mitre.org soon; however, we will not be
announcing the CVE IDs here in advance, because they are outside the
scope of the CVE request.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]