oss-sec mailing list archives

Re: Need CVEs for joomla, egroupware


From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 27 Mar 2008 19:22:35 -0400 (EDT)


Note all: these CVEs only cover the publicly disclosed issues.  The
non-public ones that Nico requested will be handled separately in the
normal CVE reservation process.


======================================================
Name: CVE-2008-1502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502
Reference: MISC:http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110
Reference: CONFIRM:http://www.egroupware.org/changelog
Reference: SECUNIA:29491
Reference: URL:http://secunia.com/advisories/29491

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in
eGroupWare before 1.4.003 allows remote attackers to bypass HTML
filtering and conduct cross-site scripting (XSS) attacks via a string
containing crafted URL protocols.


======================================================
Name: CVE-2008-1533
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1533
Reference: CONFIRM:http://www.joomla.org/content/view/4560/1/
Reference: SECUNIA:28861
Reference: URL:http://secunia.com/advisories/28861

Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla!
1.5 allows remote attackers to perform unauthorized article operations
on articles via unknown vectors.



