Hi, here are the CVE ids that were assigned to this issue for future reference.
> http://drupal.org/node/295053 Use the following, to be filled in later: CVE-2008-3740 - first XSS CVE-2008-3741 - second XSS. This has a different root cause so is SPLIT. CVE-2008-3742 - BlogAPI file uploads CVE-2008-3743 - first CSRF, for 6.x only CVE-2008-3744 - second CSRF, for 6.x/5.x (different affected versions so SPLIT) CVE-2008-3745 - Upload module priv escalation Cheers Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpCvcQdTVyGd.pgp
Description: PGP signature