author | nectar <nectar@FreeBSD.org> | 2005-06-02 01:16:28 +0800 |
---|---|---|
committer | nectar <nectar@FreeBSD.org> | 2005-06-02 01:16:28 +0800 |
commit | 5951f30223a24cef404a44453042a58de0d0d88e (patch) | |
tree | f3172615e5094dcc4dc7101cba70f8bb724a8fbf /security/vuxml | |
parent | aac6a862866ebcada739cee669bece20ba94b3f3 (diff) | |
Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
advisory
* add CVE name
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a3d3a895ea04..c09bf337a238 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -309,7 +309,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </vuln> <vuln vid="84479a62-ca5f-11d9-b772-000c29b00e99"> - <topic>fswiki - XSS problem in file upload form</topic> + <topic>fswiki -- XSS problem in file upload form</topic> <affects> <package> <name>fswiki</name> @@ -318,15 +318,22 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A JP Vendor Status Notes</p> - <blockquote cite="http://jvn.jp/jp/JVN%23465742E4/index.html"> - <p>There is a problem in fswiki (and other Wiki clones) which - may cause XSS vulnerability. - </p> + <p>A Secunia security advisory reports:</p> + <blockquote cite="http://secunia.com/advisories/15538"> + <p>A vulnerability has been reported in FreeStyle Wiki and + FSWikiLite, which can be exploited by malicious people to + conduct script insertion attacks.</p> + <p>Input passed in uploaded attachments is not properly + sanitised before being used. This can be exploited to inject + arbitrary HTML and script code, which will be executed in a + user's browser session in context of an affected site when + the malicious attachment is viewed.</p> </blockquote> </body> </description> <references> + <cvename>CAN-2005-1799</cvename> + <url>http://secunia.com/advisories/15538</url> <freebsdpr>ports/81520</freebsdpr> <url>http://fswiki.poi.jp/wiki.cgi?page=%CD%FA%CE%F2%2F2005%2D5%2D19</url> <url>http://jvn.jp/jp/JVN%23465742E4/index.html</url> @@ -334,6 +341,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <dates> <discovery>2005-05-19</discovery> <entry>2005-05-29</entry> + <modified>2005-06-01</modified> </dates> </vuln> <vuln vid="2fbe16c2-cab6-11d9-9aed-000e0c2e438a"> |
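Review bot: In the second hunk, the new Secunia excerpt names both FreeStyle Wiki and FSWikiLite as vulnerable, but the `<affects>` context visible in this diff lists only `<name>fswiki</name>`. Please confirm whether FSWikiLite is shipped as a separate port and, if it is, add a `<package>` for it so the entry matches installs of that package as well. The `cite` attribute on the `<blockquote>` and the added `<url>http://secunia.com/advisories/15538</url>` agree, and the JVN link that was dropped from the description is still present under `<references>`, so no source is lost.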
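Review bot: In the last hunk, `<modified>2005-06-01</modified>` is one day earlier than the commit timestamp shown for this change (2005-06-02 01:16:28 +0800). The two agree only when the commit time is read as UTC, so please confirm that the `<dates>` values in this file are meant as UTC dates and keep that consistent with `<entry>2005-05-29</entry>`; otherwise the modified date should follow the committer's local date.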