oss-sec mailing list archives

CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)


From: Henri Salo <henri () nerv fi>
Date: Tue, 22 Nov 2011 13:09:20 +0200

Can we assign CVE-identifiers for these three issues, thank you?

Found from: 2.2.3
Fixed in: 2.2.4

1. http://osvdb.org/show/osvdb/76882 / SA46663
extensions/profiledevkit/content/content.profile.php profile-parameter XSS

2. http://osvdb.org/show/osvdb/76883 / SA46663
symphony/lib/core/class.symphony.php filter-parameter XSS

3. http://osvdb.org/show/osvdb/76884 / SA46663
symphony/content/content.publish.ph filter-parameter SQL injection
(Different than CVE-2010-3458)

References:
http://seclists.org/bugtraq/2011/Nov/8
http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/
http://secunia.com/advisories/46663/
Advisory Reference: NS-11-008

- Henri Salo

