oss-sec mailing list archives
Re: CVE request: phpbb before 3.0.8
From: Josh Bressers <bressers () redhat com>
Date: Tue, 8 Feb 2011 14:22:54 -0500 (EST)
----- Original Message -----
http://www.phpbb.com/support/documents.php?mode=changelog&version=3#v307-PL1 [PHPBB3-9903] - Execute javascript in [flash=] BBCode Seems to be XSS. Please assign CVE.
Sadly I can't find any public information, it seems you need a login to view the changelog. If someone has an upstream contact can you ask them to change this policy. Thanks. Use CVE-2011-0544 -- JB
Current thread:
- CVE request: phpbb before 3.0.8 Hanno Böck (Feb 07)
- Re: CVE request: phpbb before 3.0.8 Josh Bressers (Feb 08)
- Re: CVE request: phpbb before 3.0.8 Hanno Böck (Feb 08)
- Re: CVE request: phpbb before 3.0.8 Josh Bressers (Feb 08)