Re: [oss-security] CVE request: vanilla forums before 2.0.10, xss

From: Josh Bressers <bressers_at_nospam>
Date: Tue Dec 07 2010 - 19:58:32 GMT
To: oss-security@lists.openwall.com

----- "Steven M. Christey" <coley@linus.mitre.org> wrote:
> >
> > As for the "linkbait" issue, I have no clue. Nothing in git seems to
> > point at that.
> >
> > Steve, does MITRE have a precedent for such a thing?
>
> The vendor is calling it a "vulnerability" which is good enough to assign
> a CVE to, as a different vuln type than XSS.
>
> My guess is that it's open redirect, which is used to redirect users away
> from the site towards spam or malware. Just a guess, though.
>

Let's use CVE-2010-4266 then.

Thanks.

-- JB

This message: [ Message body ]
Next message: Josh Bressers: "Re: [oss-security] CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo"
Previous message: Tomas Hoger: "Re: [oss-security] CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900)"
In reply to: Steven M. Christey: "Re: [oss-security] CVE request: vanilla forums before 2.0.10, xss"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]