Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20131005111044.GA6408@kludge.henri.nerv.fi>
Date: Sat, 5 Oct 2013 14:10:44 +0300
From: Henri Salo <henri@...v.fi>
To: Forest Monsen <forest.monsen@...il.com>, security@...pal.org
Cc: oss-security@...ts.openwall.com
Subject: CVE duplicates SA-CONTRIB-2013-075

Advisory https://drupal.org/node/2087055 says:

CVE-2013-4381 (XSS)
CVE-2013-4382 (CSRF)

Are these duplicate CVEs with CVEs below or is there something I am missing?

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5937

Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module
6.x-1.x for Drupal allows remote attackers to hijack the authentication of
administrators for requests that delete database information via vectors
involving the Drupal Form API.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5938

Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x
for Drupal allows remote attackers to inject arbitrary web script or HTML via a
confirmation form.

---
Henri Salo

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.