diff options
| author | junovitch <junovitch@FreeBSD.org> | 2015-10-05 11:09:24 +0800 |
|---|---|---|
| committer | junovitch <junovitch@FreeBSD.org> | 2015-10-05 11:09:24 +0800 |
| commit | 63b6065d2ab7cd266aaaced453ede24afc35406f (patch) | |
| tree | f6a554bfc855d706eab5d1f4da207c9d62089a64 /security/vuxml | |
| parent | 92a280312928b8a520b4dd994ada9bb3476c9a3b (diff) | |
| download | freebsd-ports-gnome-63b6065d2ab7cd266aaaced453ede24afc35406f.tar.gz freebsd-ports-gnome-63b6065d2ab7cd266aaaced453ede24afc35406f.tar.zst freebsd-ports-gnome-63b6065d2ab7cd266aaaced453ede24afc35406f.zip | |
Document 20150910 Plone advisories
PR: 203255
Security: 6b3374d4-6b0b-11e5-9909-002590263bf5
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index fe1d3116e9fc..bc45a6bf8c9a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,48 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b3374d4-6b0b-11e5-9909-002590263bf5"> + <topic>plone -- multiple vulnerabilities</topic> + <affects> + <package> + <name>plone</name> + <range><lt>4.3.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Plone.org reports:</p> + <blockquote cite="https://plone.org/products/plone/security/advisories/20150910-announcement"> + <p>Versions Affected: All current Plone versions.</p> + <p>Versions Not Affected: None.</p> + <p>Nature of vulnerability: Allows creation of members by anonymous + users on sites that have self-registration enabled, allowing bypass + of CAPTCHA and similar protections against scripted attacks.</p> + <p>The patch can be added to buildouts as Products.PloneHotfix20150910 + (available from PyPI) or downloaded from Plone.org.</p> + <p>Immediate Measures You Should Take: Disable self-registration until + you have applied the patch.</p> + </blockquote> + <blockquote cite="https://plone.org/security/20150910/non-persistent-xss-in-plone"> + <p>Plone's URL checking infrastructure includes a method for checking + if URLs valid and located in the Plone site. By passing HTML into + this specially crafted url, XSS can be achieved.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/203255</freebsdpr> + <url>https://plone.org/products/plone-hotfix/releases/20150910</url> + <url>https://plone.org/products/plone/security/advisories/20150910-announcement</url> + <url>https://plone.org/security/20150910/non-persistent-xss-in-plone</url> + <url>https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087</url> + </references> + <dates> + <discovery>2015-09-10</discovery> + <entry>2015-10-05</entry> + </dates> + </vuln> + <vuln vid="c1da8b75-6aef-11e5-9909-002590263bf5"> <topic>php -- multiple vulnerabilities</topic> <affects> |