oss-sec mailing list archives
Re: CVE request: silverstripe before 2.4.4
From: Henri Salo <henri () nerv fi>
Date: Sun, 24 Jul 2011 14:51:08 +0300
On Tue, Jan 04, 2011 at 11:58:32AM -0500, Josh Bressers wrote:
----- Original Message -----http://www.silverstripe.org/security-releases/ Silverstripe 2.4.4 notes: SQL information disclosure, SQL injection in Translatable extension, Cross Site Request Forgery in various CMS interfaces, XSS in controller action handling (if someone is motivated one could also assign CVEs to all the old version issues)This one is way bigger than I can handle. I shall defer it to MITRE. It's going to take a lot of work and CVE ids. Thanks. -- JB
Did this got responded? At least there is no replies in this thread: http://seclists.org/oss-sec/2011/q1/23 Best regards, Henri Salo
Current thread:
- Re: CVE request: silverstripe before 2.4.4 Henri Salo (Jul 24)