|Main Archive Page > Month Archives > oss-security archives|
Josh Bressers wrote:
> Steve, can MITRE take the one below. It's quite large and I don't have
> time to do it right now. Thanks.
>> a1) CSRF
>> a2) SQL injection
>> a3) stored XSS
>> (the issues mentioned by the exploit-db entry appear to be the same
>> were fixed in 2.1.3)
>> b) search.php SQL injection
>> c) CSRF in the admin panel:
>> (the exploit-db entry details two other issues, but are "admin-only"
>> -- feel
>> free to assign or ignore those.)
Not urgent, but I saw them again on the list of issues without ids on our
-- Raphael Geissert - Debian Developer www.debian.org - get.debian.net