oss-sec mailing list archives
Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload
From: Henri Salo <henri () nerv fi>
Date: Fri, 23 Jan 2015 13:07:32 +0200
On Fri, Jan 23, 2015 at 07:14:56AM +0100, Steffen Rösemann wrote:
> I found multiple reflecting/stored XSS- and SQLi-vulnerabilities as well as an unrestricted file upload in the CMS ferretCMS v.1.0.4 which is currently in the alpha development stage.
From https://github.com/JRogaishio/ferretCMS/issues/63
""" However, please know that ferretCMS is in the 'alpha' development stage and as such is NOT recommended to be used on live websites. """

-- Henri Salo