oss-sec mailing list archives
Re: CVE Request: Post Revolution multiple security vulnerabilities
From: Josh Bressers <bressers () redhat com>
Date: Tue, 31 May 2011 16:27:41 -0400 (EDT)
IDs inline. ----- Original Message -----
Hi, I need a CVE for Post Revolution 0.8c multiple security vulnerabilities. (Post Revolution is a CMS similar to Wordpress released under GPLv2) The vulnerabilities are: 1. A Denial of service vulnerability.
CVE-2011-1952
2. Cross-site scripting vulnerabilities.
CVE-2011-1953
3. Cross-site request forgery vulnerabilities.
CVE-2011-1954
Vendor has publicly confirmed the existence of the vulnerabilities: http://translate.google.com/translate?u=http%3A%2F%2Fpostrev.com.ar%2F&sl=es&tl=en&hl=&ie=UTF-8 I will wait for vendor to fully patch these issues before full-disclosure (probably by Friday)
Thanks. -- JB
Current thread:
- CVE Request: Post Revolution multiple security vulnerabilities Javier Bassi (May 24)
- Re: CVE Request: Post Revolution multiple security vulnerabilities Josh Bressers (May 31)