oss-sec mailing list archives
Re: CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003
From: cve-assign () mitre org
Date: Tue, 27 Jan 2015 18:46:57 -0500 (EST)
Can I get CVE IDs for following vulnerabilities, thank you. http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-001/ It has been discovered that the extension "LDAP / SSO Authentication" (ig_ldap_sso_auth) is susceptible to Improper Authentication.
Use CVE-2015-1401.
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-002/ It has been discovered that the extension "Content Rating" (content_rating) is susceptible to Cross-Site Scripting and SQL Injection.
CVE-2015-1402 - XSS CVE-2015-1403 - SQL injection
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-003/ It has been discovered that the extension "Content Rating Extbase" (content_rating_extbase) is susceptible to Cross-Site Scripting and SQL Injection.
CVE-2015-1404 - XSS CVE-2015-1405 - SQL injection --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 Henri Salo (Jan 11)
- Re: CVE request: TYPO3-EXT-SA-2015-001, TYPO3-EXT-SA-2015-002, TYPO3-EXT-SA-2015-003 cve-assign (Jan 27)