oss-sec mailing list archives

Re: CVE-Request -- ferretCMS v.1.0.4-alpha -- Multiple reflecting/stored XSS- and SQLi-vulnerabilities, unrestricted file upload


From: Henri Salo <henri () nerv fi>
Date: Fri, 23 Jan 2015 13:07:32 +0200

On Fri, Jan 23, 2015 at 07:14:56AM +0100, Steffen Rösemann wrote:
> I found multiple reflecting/stored XSS- and SQLi-vulnerabilities as well as
> an unrestricted file upload in the CMS ferretCMS v.1.0.4 which is currently
> in the alpha development stage.

From https://github.com/JRogaishio/ferretCMS/issues/63

"""
However, please know that ferretCMS is in the 'alpha' development stage and as
such is NOT recommended to be used on live websites.
"""

-- 
Henri Salo

