oss-sec mailing list archives

CVE request: phpbb3 CSRF and CSS injection


From: Henri Salo <henri () nerv fi>
Date: Sat, 31 Jan 2015 14:31:02 +0200

Can I get 2 2015 CVEs for phpBB3 vulnerabilities fixed in 3.0.13, thanks.

https://wiki.phpbb.com/Release_Highlights/3.0.13

https://tracker.phpbb.com/browse/PHPBB3-13531
https://github.com/phpbb/phpbb/pull/3316
"CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing
this to our attention"

https://tracker.phpbb.com/browse/PHPBB3-13526
https://github.com/phpbb/phpbb/pull/3311
"The ucp_pm_options form key is now properly validated. Thanks to FBNeal and
lampsys who reported this independently."

-- 
Henri Salo

