oss-sec mailing list archives
Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities
From: cve-assign () mitre org
Date: Mon, 5 Jan 2015 12:33:48 -0500 (EST)
On Sat, 3 Jan 2015, Steffen R??semann wrote:
I found multiple vulnerabilities in CMS Absolut Engine v.1.73 including SQL injections and a reflecting XSS vulnerability residing in its administrative backend. Can you assign a CVE ID for it? Greetings, Steffen References: [1] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-08.html [2] http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-08.html [3] http://seclists.org/fulldisclosure/2014/Dec/131 [4] http://www.absolutengine.com/
CVE-2014-9435 - SQL injection CVE-2014-9434 - XSS --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities Steffen Rösemann (Jan 03)
- Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities cve-assign (Jan 05)