Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: silverstripe before 2.4.4
From: Henri Salo <henri () nerv fi>
Date: Sun, 24 Jul 2011 14:51:08 +0300

On Tue, Jan 04, 2011 at 11:58:32AM -0500, Josh Bressers wrote:
----- Original Message -----
http://www.silverstripe.org/security-releases/

Silverstripe 2.4.4 notes:
SQL information disclosure, SQL injection in Translatable extension,
Cross Site Request Forgery in various CMS interfaces, XSS in controller
action handling

(if someone is motivated one could also assign CVEs to all the old
version issues)


This one is way bigger than I can handle. I shall defer it to MITRE. It's
going to take a lot of work and CVE ids.

Thanks.

-- 
    JB

Did this got responded? At least there is no replies in this thread:

http://seclists.org/oss-sec/2011/q1/23

Best regards,
Henri Salo


  By Date           By Thread  

Current thread:
  • Re: CVE request: silverstripe before 2.4.4 Henri Salo (Jul 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]