oss-sec mailing list archives
Re: CVE-request: Multiple e107 vulnerabilities
From: Kurt Seifried <kseifrie () redhat com>
Date: Wed, 04 Jan 2012 00:02:48 -0700
On 01/03/2012 03:04 PM, Henri Salo wrote:
1) Multiple Script URI XSS http://osvdb.org/show/osvdb/78047
2) e107_admin/users.php resend_name Parameter XSS http://osvdb.org/show/osvdb/78048
3) User Signatures link BBCode XSS http://osvdb.org/show/osvdb/78049
These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920 for these issues.
4) usersettings.php username Parameter SQL Injection http://osvdb.org/show/osvdb/78050
Please use CVE-2011-4921 for this issue.
Secunia advisory: http://secunia.com/advisories/46706/
I do not know where to find SCM links. Secunia can probably help if needed.
- Henri Salo
http://e107.org/news.php?extend.885.2
http://e107.svn.sourceforge.net/viewvc/e107/
--
-- Kurt Seifried / Red Hat Security Response Team