oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: Post Revolution multiple security vulnerabilities

From: Josh Bressers <bressers () redhat com>
Date: Tue, 31 May 2011 16:27:41 -0400 (EDT)
IDs inline.

----- Original Message -----

Hi, I need a CVE for Post Revolution 0.8c multiple security
vulnerabilities. (Post Revolution is a CMS similar to Wordpress
released under GPLv2)

The vulnerabilities are:
1. A Denial of service vulnerability.

    CVE-2011-1952


2. Cross-site scripting vulnerabilities.

    CVE-2011-1953


3. Cross-site request forgery vulnerabilities.

    CVE-2011-1954



Vendor has publicly confirmed the existence of the vulnerabilities:
http://translate.google.com/translate?u=http%3A%2F%2Fpostrev.com.ar%2F&sl=es&tl=en&hl=&ie=UTF-8
I will wait for vendor to fully patch these issues before
full-disclosure (probably by Friday)


Thanks.

-- 
    JB
Previous By Date Next
Previous By Thread Next

Current thread: