Re: CVE-request: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (NS-11-008)
From: Netsparker Advisories <advisories () mavitunasecurity com>
Date: Tue, 3 Jan 2012 20:29:46 +0200
We are assigning these identifiers to the advisory.
On 22 November 2011 21:52, Kurt Seifried <kseifried () redhat com> wrote:
> On 11/22/2011 04:09 AM, Henri Salo wrote:
>> Can we assign CVE-identifiers for these three issues, thank you?
>> Found from: 2.2.3
>> Fixed in: 2.2.4
>> 1. http://osvdb.org/show/osvdb/76882 / SA46663
>> extensions/profiledevkit/content/content.profile.php profile-parameter XSS
>> 2. http://osvdb.org/show/osvdb/76883 / SA46663
>> symphony/lib/core/class.symphony.php filter-parameter XSS
> Ok merging these two issues (as per ADT4 specification) please use
> CVE-2011-4340 for this issue.
>> 3. http://osvdb.org/show/osvdb/76884 / SA46663
>> symphony/content/content.publish.ph filter-parameter SQL injection
>> (Different than CVE-2010-3458)
> Please use CVE-2011-4341 for this issue.
>> Advisory Reference: NS-11-008
>> - Henri Salo
> -Kurt Seifried / Red Hat Security Response Team
Netsparker Advisories, <advisories () mavitunasecurity com>