oss-sec mailing list archives
Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities
From: cve-assign () mitre org
Date: Fri, 27 Feb 2015 22:28:01 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
/admin/index.php?module=config-attachment_types&action=add /admin/index.php?module=config-mycode&action=add /admin/index.php?module=forum-management&action=add /admin/index.php?module=user-groups&action=add /admin/index.php?module=style-templates&action=add_set /admin/index.php?module=style-templates&action=add_template_group /admin/index.php?module=tools-tasks&action=add /admin/index.php?module=config-post_icons&action=add /admin/index.php?module=user-titles&action=add /admin/index.php?module=config-banning&type=usernames
Use CVE-2015-2149 for all of these XSS issues. Note that the scope of CVE-2015-2149 is limited to the "Low Risk: Multiple XSS vulnerability requiring admin permissions â.. reported by adamziaja, Devilshakerz, DingjieYang and sroesemann" section of the http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/ post, and does not include anything discovered by anyone else. The other MyBB vulnerabilities fixed in 1.8.4 will most likely all have CVE assignments on cve.mitre.org soon; however, we will not be announcing the CVE IDs here in advance, because they are outside the scope of the CVE request. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJU8TVwAAoJEKllVAevmvmsyd0H/3t5knGYQv2MKbULY3JHwsks d8r9u/xWnl8XAsiKl4nNN68lY+P1ZWouzr++9ixnWwRXLBR7mpEdek+OS/3ckpI6 zpYbgcBJoMjev3c4rNoHram4bkL18fg20AmTqbGjlY08E2+UEiyILoOeU9Pn+pHX iaVv768b8xMrd283PeWKPbdQ3KJckl04kqNaq/BhlTRpRDOqeZCq3+FciQ/ZVGeZ sH1WhRDl5uVxewkmoDwJfb1xdgRmloX3dy3tYUTwwtA1i5JQpWrCoRFMa/Q2FnBT uPeTR2KPbM7uNINPhHVLO2tdDyKfByjs8SYMkUdJSNroGLYrS5M7VX/X84mYcqQ= =55TS -----END PGP SIGNATURE-----
Current thread:
- CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities Steffen Rösemann (Feb 21)
- Re: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities cve-assign (Feb 27)