diff options
author | miwi <miwi@FreeBSD.org> | 2008-04-25 20:05:13 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-04-25 20:05:13 +0800 |
commit | 5604f1dc67d6d5a8ce4700fdc9394ff32bb6eebd (patch) | |
tree | 627e1b02597865528e9770230b8924e0020dca62 /security/vuxml | |
parent | 9a93a82ca8d855f2ea9d907a30ccadd86ee71557 (diff) | |
download | freebsd-ports-gnome-5604f1dc67d6d5a8ce4700fdc9394ff32bb6eebd.tar.gz freebsd-ports-gnome-5604f1dc67d6d5a8ce4700fdc9394ff32bb6eebd.tar.zst freebsd-ports-gnome-5604f1dc67d6d5a8ce4700fdc9394ff32bb6eebd.zip |
- Document serendipity -- multiple cross site scripting vulnerabilities.
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8c3a0f8c02e1..c0dea4fad198 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,49 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9c133aa0-12bd-11dd-bab7-0016179b2dd5"> + <topic>serendipity -- multiple cross site scripting vulnerabilities</topic> + <affects> + <package> + <name>serendipity</name> + <range><lt>1.3.1</lt></range> + </package> + <package> + <name>serendipity-devel</name> + <range><lt>200804242342</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Hanno Boeck reports:</p> + <blockquote cite="http://int21.de/cve/CVE-2008-1386-s9y.html"> + <p>The installer of serendipity 1.3 has various Cross Site Scripting issues. + This is considered low priority, as attack scenarios are very unlikely.</p> + <p>Various path fields are not escaped properly, thus filling them with + javascript code will lead to XSS. MySQL error messages are not escaped, + thus the database host field can also be filled with javascript.</p> + </blockquote> + <blockquote cite="http://int21.de/cve/CVE-2008-1385-s9y.html"> + <p>In the referrer plugin of the blog application serendipity, + the referrer string is not escaped, thus leading to a permanent + XSS.</p> + </blockquote> + </body> + </description> + <references> + <bid>28885</bid> + <cvename>CVE-2008-1385</cvename> + <cvename>CVE-2008-1386</cvename> + <url>http://int21.de/cve/CVE-2008-1385-s9y.html</url> + <url>http://int21.de/cve/CVE-2008-1386-s9y.html</url> + <url>http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html</url> + </references> + <dates> + <discovery>2008-04-22</discovery> + <entry>2008-04-25</entry> + </dates> + </vuln> + <vuln vid="67bd39ba-12b5-11dd-bab7-0016179b2dd5"> <topic>firefox -- javascript harbage collector vulnerability</topic> <affects> |