Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws

[Reed Loden <reed () reedloden com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 19 Jul 2013 00:27:37 -0600
Kurt Seifried <kseifried () redhat com> wrote:

> So to confirm:
>
> CVE-2013-4144 swfupload KedAns-Dz object injection
> CVE-2013-4145 duplicate of CVE-2012-3414
> CVE-2013-4146 swfupload KedAns-Dz CSRF
>
> and we're good?

Where's the CSRF vuln? I see XSS but not a separate CSRF issue...

~reed
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlHo3kkACgkQa6IiJvPDPVrqKwCguY8KtcZGDqCuHeUkukowdPRL
VPkAoIXHGK0UoRgJStAMsDbbMT8CHA9q
=bV1g
-----END PGP SIGNATURE-----