oss-sec mailing list archives
CVE-request for three 2009 Joomla issues (second part)
From: Henri Salo <henri () nerv fi>
Date: Sun, 25 Dec 2011 16:37:51 +0200
Can I get three CVEs assigned for these issues: 1) "Input passed via the "HTTP_REFERER" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site." http://developer.joomla.org/security/news/298-20090604-core-frontend-xss-httpreferer-not-properly-filtered.html http://osvdb.org/show/osvdb/55589 2) "Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site." http://developer.joomla.org/security/news/299-20090605-core-frontend-xss-phpself-not-properly-filtered.html http://osvdb.org/show/osvdb/55590 3) "A security issue exists due to certain files missing the check for JEXEC, which can lead to the disclosure of path information." http://developer.joomla.org/security/news/300-20090606-core-missing-jexec-check.html (different than 302-20090722-core-missing-jexec-check.html) http://osvdb.org/show/osvdb/55591 Secunia advisory: http://secunia.com/advisories/35668/ - Henri Salo
Current thread:
- CVE-request for three 2009 Joomla issues (second part) Henri Salo (Dec 25)
- Re: CVE-request for three 2009 Joomla issues (second part) Kurt Seifried (Dec 25)