Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAFBnvyXBmCv=vN+YZEZTOzg3Gps2j8O6gQbaM=KaOQKpdeNa4Q@mail.gmail.com>
Date: Thu, 24 Jul 2014 20:59:19 +0200
From: Adan Alvarez <adan.alvarez.90@...il.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Duplicated CVE - Cacti XSS

Hello,

I requested a CVE to mitre three days ago because of the security bug I
found: http://bugs.cacti.net/view.php?id=2456

CVE-2014-5043.

Unfortunately, there are currently two CVE assigned to this security issue:
CVE-2014-5025 and CVE-2014-5026.

So I don't know what should I do.

On the other hand,  I just discovered another XSS vulnerability that is not
solved by the current patch.

Here you have the details to reproduce it:

Create a new user or edit an existing one with the following Full Name:
[XSS]
Then go to System Utilities - View User Log, and if the user has logged in
you will see a popup with the text "XSS".

Maybe the CVE-2014-5043 can by used to identify this last discovery.

Regards,
Adan

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.