oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: phpbb before 3.0.8

Re: [oss-security] CVE request: phpbb before 3.0.8

From: Josh Bressers <bressers_at_nospam>
Date: Tue Feb 08 2011 - 19:22:54 GMT
To: oss-security@lists.openwall.com

----- Original Message -----
> http://www.phpbb.com/support/documents.php?mode=changelog&version=3#v307-PL1
>
> [PHPBB3-9903] - Execute javascript in [flash=] BBCode
>
> Seems to be XSS. Please assign CVE.
>

Sadly I can't find any public information, it seems you need a login
to view the changelog. If someone has an upstream contact can you ask
them to change this policy.

Thanks.

Use CVE-2011-0544

-- JB