aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2004-11-12 07:53:32 +0800
committersimon <simon@FreeBSD.org>2004-11-12 07:53:32 +0800
commit928affdc0a29dade72f128d1bb3da1893f73d68c (patch)
tree13b1e129ac953846d7580843b5e8d2af15133f7b /security
parente9814a3820cb4658cb1925432248acd343528941 (diff)
downloadfreebsd-ports-gnome-928affdc0a29dade72f128d1bb3da1893f73d68c.tar.gz
freebsd-ports-gnome-928affdc0a29dade72f128d1bb3da1893f73d68c.tar.zst
freebsd-ports-gnome-928affdc0a29dade72f128d1bb3da1893f73d68c.zip
Document a XSS in squirrelmail.
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml32
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index bd49c1a379a7..9649c4c7b0d7 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -32,6 +32,38 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7fbfe159-3438-11d9-a9e7-0001020eed82">
+ <topic>squirrelmail -- cross site scripting vulnerability</topic>
+ <affects>
+ <package>
+ <name>ja-squirrelmail</name>
+ <range><lt>1.4.3a_4,2</lt></range>
+ </package>
+ <package>
+ <name>squirrelmail</name>
+ <range><lt>1.4.3a_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A SquirrelMail Security Notice reports:</p>
+ <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110012133608004">
+ <p>There is a cross site scripting issue in the decoding of
+ encoded text in certain headers. SquirrelMail correctly
+ decodes the specially crafted header, but doesn't sanitize
+ the decoded strings.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <mlist msgid="544475695.20041110000451@netdork.net">http://marc.theaimsgroup.com/?l=bugtraq&amp;m=110012133608004</mlist>
+ </references>
+ <dates>
+ <discovery>2004-11-03</discovery>
+ <entry>2004-11-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1f8dea68-3436-11d9-952f-000c6e8f12ef">
<topic>bnc -- buffer-overflow vulnerability</topic>
<affects>