we noticed the following entries in the changelog for SPINE 1.2 stable
and are about to release an advisory for these issues.
* Added in Admin : Forced POST access (prevent XSS)
* Fixed in Core : Placeholders in database handler : security fix
* Fixed in Admin : Macro admin security bug fix
Before we publish our advisory we would appreciate to receive your
comments on these issues.
What are the impacts of the fixed vulnerabilities?
How can they be exploited and is any authentication required?
Which other versions are also affected and are there any mitigating
Please respond as soon as possible.
Thanks in advance and kind regards,