oss-sec mailing list archives

Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities

From: cve-assign () mitre org
Date: Mon, 5 Jan 2015 12:33:48 -0500 (EST)


On Sat, 3 Jan 2015, Steffen R??semann wrote:

I found multiple vulnerabilities in CMS Absolut Engine v.1.73 including SQL
injections and a reflecting XSS vulnerability residing in its
administrative backend.

Can you assign a CVE ID for it?

Greetings, Steffen

References:

[1] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-08.html
[2]
http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-08.html
[3] http://seclists.org/fulldisclosure/2014/Dec/131
[4] http://www.absolutengine.com/


CVE-2014-9435 - SQL injection

CVE-2014-9434 - XSS

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities Steffen Rösemann (Jan 03)
- Re: CVE Request -- CMS Absolut Engine v. 1.73 -- Multiple vulnerabilities cve-assign (Jan 05)