mailing list archives
Re: CVE request: Drupal Data-module multiple vulnerabilities
From: Josh Bressers <bressers () redhat com>
Date: Tue, 26 Jul 2011 15:32:26 -0400 (EDT)
----- Original Message -----
These issues does not have CVE-identifiers. Could we get one?
I asked from Justin Klein Keane and he wasn't aware of CVE-identifier.
I think this needs identifier even this is an alpha release as this
module is used by some production instances. If I am correct two
identifiers should be enough. One for XSS and another for SQL
Discussion about the issue: http://drupal.org/node/1056470
Please use CVE-2011-2714 for the XSS.
CVE-2011-2715 is for the SQL injection.