oss-sec mailing list archives

Re: CVE request: silverstripe before 2.4.4


From: Henri Salo <henri () nerv fi>
Date: Sun, 24 Jul 2011 14:51:08 +0300

On Tue, Jan 04, 2011 at 11:58:32AM -0500, Josh Bressers wrote:
----- Original Message -----
http://www.silverstripe.org/security-releases/

Silverstripe 2.4.4 notes:
SQL information disclosure, SQL injection in Translatable extension,
Cross Site Request Forgery in various CMS interfaces, XSS in controller
action handling

(if someone is motivated one could also assign CVEs to all the old
version issues)


This one is way bigger than I can handle. I shall defer it to MITRE. It's
going to take a lot of work and CVE ids.

Thanks.

-- 
    JB

Did this get responded to? At least there are no replies in this thread:

http://seclists.org/oss-sec/2011/q1/23

Best regards,
Henri Salo

