aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authormiwi <miwi@FreeBSD.org>2007-11-11 23:52:23 +0800
committermiwi <miwi@FreeBSD.org>2007-11-11 23:52:23 +0800
commit2f980e9f37fad2833b7da981321ca99dec3debf3 (patch)
treebd4abeab924aac36764c2124497406261078d69b /security
parent48d409fc2a50b5e8e04ba7688506d303cc11b202 (diff)
downloadfreebsd-ports-gnome-2f980e9f37fad2833b7da981321ca99dec3debf3.tar.gz
freebsd-ports-gnome-2f980e9f37fad2833b7da981321ca99dec3debf3.tar.zst
freebsd-ports-gnome-2f980e9f37fad2833b7da981321ca99dec3debf3.zip
- Document phpmyadmin -- cross-site scripting vulnerability
Reviewed by: simon Approved by: portmgr (ports-security blanket)
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml30
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 7b117545e9fc..fb4a69fbcda5 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,36 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="2d2dcbb4-906c-11dc-a951-0016179b2dd5">
+ <topic>phpmyadmin -- cross-site scripting vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><lt>2.11.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The DigiTrust Group reports:</p>
+ <blockquote cite="http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html">
+ <p>When creating a new database, a malicious user can use a client-side
+ Web proxy to place malicious code in the db parameter of the POST
+ request. Since db_create.php does not properly sanitize user-supplied
+ input, an administrator could face a persistent XSS attack when the database
+ names are displayed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html</url>
+ <url>http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7</url>
+ </references>
+ <dates>
+ <discovery>2007-11-11</discovery>
+ <entry>2007-11-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="9b718b82-8ef5-11dc-8e42-001c2514716c">
<topic>gallery2 -- multiple vulnerabilities</topic>
<affects>