oss-sec mailing list archives
Re: CVE request: CSRF in eXtplorer
From: Moritz Muehlenhoff <jmm () debian org>
Date: Tue, 26 Jun 2012 00:34:27 +0200
Kurt Seifried wrote:
John Leitch has discovered a CSRF vulnerability in eXtplorer: http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross- site.Request.Forgery_174.html Can you please assign a CVE id to it? Cheers, lucianoDoes this affect any versions other than just 2.1 RC3?
The upstream version, which is in Debian stable (2.1.0b6, I suppose that refers to beta6) is affected and was released in 2010, so this is not just a regression in a short-lived release candidate. Cheers, Moritz
Current thread:
- CVE request: CSRF in eXtplorer Luciano Bello (Jun 23)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 27)
- Re: CVE request: CSRF in eXtplorer Luciano Bello (Jun 26)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)