oss-sec mailing list archives
Re: CVE-request: Wikidforum 2.10 multiple XSS and SQL-injection vulnerabilities SSCHADV2012-005
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 12 Apr 2012 12:55:01 -0600
On 04/12/2012 01:49 AM, Henri Salo wrote:
> Hello,
>
> These three 2012 issues are without CVE-identifiers. XSS vulnerabilities can be joined to one CVE if I am correct.
>
> Affected version: 2.10
> Advisory ID: SSCHADV2012-005
> Bugtraq: http://seclists.org/bugtraq/2012/Mar/45
>
> Vulnerabilities:
> http://osvdb.org/show/osvdb/80838 Wikidforum Search Field XSS
> http://osvdb.org/show/osvdb/80839 Wikidforum Advanced Search Multiple Field XSS
> http://osvdb.org/show/osvdb/80840 Wikidforum Advanced Search Multiple Field SQL Injection

Please use CVE-2012-2099 for these XSS issues. Also I couldn't really confirm the SQL injections so not assigning a CVE, if you can find confirmation I'll assign a CVE.

> Advisory URLs:
> http://www.darksecurity.de/advisories/2012/SSCHADV2012-005.txt
> http://www.darksecurity.de/index.php?/202-SSCHADV2012-005-Wikidforum-2.10-Multiple-security-vulnerabilities.html
>
> I also contacted vendor just to be sure:
> http://www.wikidforum.com/forum/forum-software_29/wikidforum-support_31/sschadv2012-005-unfixed-xss-and-sql-injection-security-vulnerabilities_188.html
>
> - Henri Salo

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993