Henri Salo | 13 Jun 15:40 2011
Picon

CVE-request: XSS in Webmin 1.540

Hi,

I would like to receive CVE-identifier for this issue in Webmin. References:

http://seclists.org/fulldisclosure/2011/Apr/393

Javier Bassi told me that the Bugtraq ID is 47558. Couldn't find this from OSVDB. Fixed in commit:
https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 which is
included to Webmin 1.550 release.

Should be 2011 identifier.

Best regards,
Henri Salo

Jamie Cameron | 13 Jun 18:42 2011

Re: [webmin-devel] CVE-request: XSS in Webmin 1.540

On 13/Jun/2011 06:40 Henri Salo <henri <at> nerv.fi> wrote ..
> Hi,
> 
> I would like to receive CVE-identifier for this issue in Webmin. References:
> 
> http://seclists.org/fulldisclosure/2011/Apr/393
> 
> Javier Bassi told me that the Bugtraq ID is 47558. Couldn't find this from OSVDB.
> Fixed in commit: https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
> which is included to Webmin 1.550 release.
> 
> Should be 2011 identifier.

There is no CVE for this - the original submitter Javier had trouble obtaining one.

Actually, I have no idea where CVEs come from either!

 - Jamie

------------------------------------------------------------------------------
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of Track Changes, Inline Image
Editing and ensure content is compliant with Accessibility Checking.
http://p.sf.net/sfu/ephox-dev2dev
-
Forwarded by the Webmin development list at webmin-devel <at> webmin.com
To remove yourself from this list, go to
http://lists.sourceforge.net/lists/listinfo/webadmin-devel

(Continue reading)

Josh Bressers | 13 Jun 20:56 2011
Picon

Re: Re: CVE-request: XSS in Webmin 1.540

----- Original Message -----
> On 13/Jun/2011 06:40 Henri Salo <henri@...> wrote ..
> > Hi,
> >
> > I would like to receive CVE-identifier for this issue in Webmin.
> > References:
> >
> > http://seclists.org/fulldisclosure/2011/Apr/393
> >
> > Javier Bassi told me that the Bugtraq ID is 47558. Couldn't find this
> > from OSVDB.
> > Fixed in commit:
> > https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881
> > which is included to Webmin 1.550 release.
> >
> > Should be 2011 identifier.
> 
> There is no CVE for this - the original submitter Javier had trouble
> obtaining one.
> 
> Actually, I have no idea where CVEs come from either!
> 

A CVE id was assigned here:
http://seclists.org/oss-sec/2011/q2/478

As for getting an ID in the future, your best bet is to mail me directly
with your request. MITRE is generally swamped with requests, where I don't
service near the volume they do.

(Continue reading)


Gmane