oss-security December 2010 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: vanilla forums bef

Re: [oss-security] CVE request: vanilla forums before 2.0.10, xss

From: Josh Bressers <bressers_at_nospam>
Date: Tue Dec 07 2010 - 19:58:32 GMT
To: oss-security@lists.openwall.com

----- "Steven M. Christey" <coley@linus.mitre.org> wrote:
> >
> > As for the "linkbait" issue, I have no clue. Nothing in git seems to
> > point at that.
> >
> > Steve, does MITRE have a precedent for such a thing?
>
> The vendor is calling it a "vulnerability" which is good enough to assign
> a CVE to, as a different vuln type than XSS.
>
> My guess is that it's open redirect, which is used to redirect users away
> from the site towards spam or malware. Just a guess, though.
>

Let's use CVE-2010-4266 then.

Thanks.

-- JB