Summary: | www-apps/drupal <5.10 / <6.4 Multiple vulnerabilities (CVE-2008-{3740,3741,3742,3743,3744,3745}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Baptiste aka mRyOuNg <mryoung> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://drupal.org/node/295053 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Baptiste aka mRyOuNg
2008-08-14 09:05:25 UTC
Secunia already picked this up, so it will get a CVE through that.

In cvs, no stable version thanks, closing.

Thanks to hanno and Steven from mitre for the CVEs:

- CVE-2008-3740 - first XSS
- CVE-2008-3741 - second XSS. This has a different root cause so is SPLIT.
- CVE-2008-3742 - BlogAPI file uploads
- CVE-2008-3743 - first CSRF, for 6.x only
- CVE-2008-3744 - second CSRF, for 6.x/5.x (different affected versions so SPLIT)
- CVE-2008-3745 - Upload module priv escalation