Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: Drupal Data-module multiple vulnerabilities
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:32:26 -0400 (EDT)



----- Original Message -----
These issues does not have CVE-identifiers. Could we get one?

http://seclists.org/fulldisclosure/2011/Feb/219

I asked from Justin Klein Keane and he wasn't aware of CVE-identifier.
I think this needs identifier even this is an alpha release as this
module is used by some production instances. If I am correct two
identifiers should be enough. One for XSS and another for SQL
injections.

Discussion about the issue: http://drupal.org/node/1056470


Please use CVE-2011-2714 for the XSS.

CVE-2011-2715 is for the SQL injection.

Thanks.

-- 
    JB


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault