oss-sec mailing list archives
Re: CVE request: vanilla forums before 2.0.10, xss
From: Josh Bressers <bressers () redhat com>
Date: Tue, 7 Dec 2010 14:58:32 -0500 (EST)
----- "Steven M. Christey" <coley () linus mitre org> wrote:
As for the "linkbait" issue, I have no clue. Nothing in git seems to point at that. Steve, does MITRE have a precedent for such a thing?

The vendor is calling it a "vulnerability" which is good enough to assign a CVE to, as a different vuln type than XSS. My guess is that it's open redirect, which is used to redirect users away from the site towards spam or malware. Just a guess, though.

Let's use CVE-2010-4266 then. Thanks.

-- JB