The MITRE CVE Numbering Authority assigned me 9 new CVEs. The details follow:
- CVE-2007-6752 for Drupal 7.12 CSRF Vulnerability (force user/logout – sections 2.2, 3.2)
- CVE-2012-1899 for Multiple XSS Vulnerabilities in Webfolio CMS <= 1.1.4
- CVE-2012-1900 for CSRF Vulnerability (Delete Web Pages) in Razor CMS <= 1.2.1
- CVE-2012-1901 for FlexCMS 3.2.1 Multiple CSRF
- CVE-2012-1897 for Multiple XSS in Wolf CMS <= 0.75
- CVE-2012-1898 for Multiple CSRF in Wolf CMS <= 0.75
- CVE-2012-1921 for Sitecom WLM-2501 Change Wireless Passphrase
- CVE-2012-1922 for Sitecom WLM-2501 new Multiple CSRF
- CVE-2012-1932 for Wolf CMS <= 0.75 Persistent XSS
Regarding my Drupal 7.12 advisory, MITRE considers that:
- Sections 2.1 and 3.1 – Poor Session Checking (CSRF to change any Drupal settings) – would be a Drupal “Security Improvement”.
- Section 2.3 – Poor Session Checking (POST and GET method) – and section 2.4 – Poor Session Checking (HTTP Referer) – would be Drupal “Potential Security Improvements”.