oss-sec mailing list archives

Re: CVE-request: Multiple e107 vulnerabilities

From: Kurt Seifried <kseifrie () redhat com>
Date: Wed, 04 Jan 2012 00:02:48 -0700

On 01/03/2012 03:04 PM, Henri Salo wrote:

1) Multiple Script URI XSS
http://osvdb.org/show/osvdb/78047

2) e107_admin/users.php resend_name Parameter XSS
http://osvdb.org/show/osvdb/78048

3) User Signatures link BBCode XSS
http://osvdb.org/show/osvdb/78049

These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920
for these issues.

4) usersettings.php username Parameter SQL Injection
http://osvdb.org/show/osvdb/78050


Please use CVE-2011-4921 for this issue.


Secunia advisory: http://secunia.com/advisories/46706/

I do not know where to find SCM links. Secunia can probably help if needed.

- Henri Salo


http://e107.org/news.php?extend.885.2
http://e107.svn.sourceforge.net/viewvc/e107/

-- 

-- Kurt Seifried / Red Hat Security Response Team

Current thread:

CVE-request: Multiple e107 vulnerabilities Henri Salo (Jan 03)
- Re: CVE-request: Multiple e107 vulnerabilities Kurt Seifried (Jan 03)