oss-sec mailing list archives
Re: CVE request: lxr
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Sat, 31 Jul 2010 12:09:35 -0400
Yes, CVE-2010-1738 is a dupe of CVE-2010-1448. -Dan On Sat, Jul 31, 2010 at 10:03 AM, Nico Golde <oss-security+ml () ngolde de> wrote:
Hi, * Josh Bressers <bressers () redhat com> [2010-05-14 21:48]:----- "Dan Rosenberg" <dan.j.rosenberg () gmail com> wrote:Josh, The XSS in the title string was already assigned CVE-2010-1448. Do you mean to assign issue #2, the XSS reflected in search results?Sigh, yes. So to sum it up: 1. XSS in the ident parameter, as described in CVE-2009-4497. 2. XSS that is reflected via the search results page after issuing This one is now CVE-2010-1625 3. 3. XSS that is reflected via the <title> tag on the search page, as described in Raphael's original e-mail a few days ago, which Josh assigned CVE-2010-1448CVE-2010-1738 seems to be a dupe of this? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Current thread:
- Re: CVE request: lxr Nico Golde (Jul 31)
- Re: CVE request: lxr Dan Rosenberg (Jul 31)
- Re: CVE request: lxr Steven M. Christey (Aug 20)
- Re: CVE request: lxr Dan Rosenberg (Jul 31)