[FD] Sagemcom router insufficient default PSK entropy

2019-03-05 Thread Ryan Delaney
___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] Open Redirection vulnerability in Babel (CMSMS Module)

2019-03-05 Thread Jan Kopriva
Affected Software: Babel: Multilingual Site module for CMS Made Simple
Affected Version: 0.4.1 and earlier
Patched Version: None - project is no longer under development
CVE Identifier: TBD
Vulnerability type: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Severity Rating: CVSS v3

Re: [FD] Forminator 1.5.4 - Unauthenticated Persistent XSS, Blind SQL Injection (WordPress Plugin)

2019-03-05 Thread Henri Salo
On Tue, Feb 05, 2019 at 04:19:16PM +0100, Tim Coen wrote:
> https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/

Please use CVE-2019-9567 for XSS vulnerability and CVE-2019-9568 for SQL-injection

[FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

2019-03-05 Thread Ece örsel
I. VULNERABILITY - SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE - Use CVE-2018-17865
III. VENDOR - https://www.sap.com
IV. TIMELINE - 10/08/2018 Vulnerability

[FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

2019-03-05 Thread Ece örsel
I. VULNERABILITY - SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE - CVE-2018-17864
III. VENDOR - https://www.sap.com
IV. TIMELINE - 10/08/2018 Vulnerability

[FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

2019-03-05 Thread Ece örsel
I. VULNERABILITY - SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE - CVE-2018-17864
III. VENDOR - https://www.sap.com
IV. TIMELINE - 10/08/2018 Vulnerability

[FD] SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)

2019-03-05 Thread Ece örsel
I. VULNERABILITY - SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE - CVE-2018-17862
III. VENDOR - https://www.sap.com
IV. TIMELINE - 10/08/2018 Vulnerability

[FD] SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)

2019-03-05 Thread Ece örsel
I. VULNERABILITY - SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS)
II. CVE REFERENCE - CVE-2018-17861
III. VENDOR - https://www.sap.com
IV. TIMELINE - 10/08/2018 Vulnerability