oss-sec mailing list archives
CVE request: phpbb3 CSRF and CSS injection
From: Henri Salo <henri () nerv fi>
Date: Sat, 31 Jan 2015 14:31:02 +0200
Can I get 2 2015 CVEs for phpBB3 vulnerabilities fixed in 3.0.13, thanks. https://wiki.phpbb.com/Release_Highlights/3.0.13 https://tracker.phpbb.com/browse/PHPBB3-13531 https://github.com/phpbb/phpbb/pull/3316 "CSS Injection via Relative Path Overwrite. Thanks to James Kettle for bringing this to our attention" https://tracker.phpbb.com/browse/PHPBB3-13526 https://github.com/phpbb/phpbb/pull/3311 "The ucp_pm_options form key is now properly validated. Thanks to FBNeal and lampsys who reported this independently." -- Henri Salo
Current thread:
- CVE request: phpbb3 CSRF and CSS injection Henri Salo (Jan 31)
- Re: CVE request: phpbb3 CSRF and CSS injection cve-assign (Jan 31)