Author: nion Date: 2009-07-10 00:33:04 +0000 (Fri, 10 Jul 2009) New Revision: 12315 Modified: data/CVE/list Log: cveified drupal Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-09 21:14:35 UTC (rev 12314) +++ data/CVE/list 2009-07-10 00:33:04 UTC (rev 12315) @@ -1,11 +1,5 @@ CVE-2009-2386 RESERVED -CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...) - TODO: check -CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...) - TODO: check -CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...) - TODO: check CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...) TODO: check CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the ...) @@ -273,18 +267,18 @@ NOT-FOR-US: component for Joomla! CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...) NOT-FOR-US: V-webmail -CVE-2009-XXXX [XSS in forum module] +CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...) - drupal6 6.12-1.1 (low; bug #535435) - drupal5 <not-affected> (Vulnerable code not present) NOTE: http://drupal.org/node/507572 NOTE: requested CVE id -CVE-2009-XXXX [input format access bypass] +CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...) - drupal6 6.12-1.1 (medium; bug #535435) - drupal5 <not-affected> (Vulnerable code not present) NOTE: http://drupal.org/node/507572 NOTE: marked as medium as this might lead to code execution if the php filter is enabled NOTE: requested CVE id -CVE-2009-XXXX [URL password leakage] +CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...) - drupal6 6.12-1.1 (low; bug #535435) - drupal5 5.18-1.1 (low; bug #535476) NOTE: http://drupal.org/node/507572