diff options
| author | nectar <nectar@FreeBSD.org> | 2004-10-27 20:25:06 +0800 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2004-10-27 20:25:06 +0800 |
| commit | 20a34c919b2e19fdd41f29ec7a7c8934967b5ec1 (patch) | |
| tree | b47768ba54ac7c7cc7534c3d05a86b6f00cd6355 /security | |
| parent | f80c0a5d2165387aa1bd7008ae47adda06ae7665 (diff) | |
| download | freebsd-ports-gnome-20a34c919b2e19fdd41f29ec7a7c8934967b5ec1.tar.gz freebsd-ports-gnome-20a34c919b2e19fdd41f29ec7a7c8934967b5ec1.tar.zst freebsd-ports-gnome-20a34c919b2e19fdd41f29ec7a7c8934967b5ec1.zip | |
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry.
Diffstat (limited to 'security')
| -rw-r--r-- | security/portaudit-db/database/portaudit.txt | 1 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 28 |
2 files changed, 28 insertions, 1 deletions
diff --git a/security/portaudit-db/database/portaudit.txt b/security/portaudit-db/database/portaudit.txt index bc014ee63852..8af707ee902e 100644 --- a/security/portaudit-db/database/portaudit.txt +++ b/security/portaudit-db/database/portaudit.txt @@ -81,4 +81,3 @@ mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 h imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4 koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096 kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096 -horde<2.2.7|http://lists.horde.org/archives/announce/2004/000107.html|Potential XSS vulnerability in the help window.|ed1d404d-2784-11d9-b954-000bdb1444a4 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b4fdcf099821..de2051a7c71b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,34 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="ed1d404d-2784-11d9-b954-000bdb1444a4"> + <topic>horde -- cross-site scripting vulnerability in help + window</topic> + <affects> + <package> + <name>horde</name> + <name>horde-devel</name> + <range><lt>2.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Horde Team announcement states that a potential cross-site + scripting vulnerability in the help window has been + corrected. The vulnerability appears to involve the handling + of the <code>topic</code> and <code>module</code> parameters + of the help window template.</p> + </body> + </description> + <references> + <mlist msgid="20041026115303.10FBEC046E@neo.wg.de">http://marc.theaimsgroup.com/?l=horde-announce&m=109879164718625</mlist> + </references> + <dates> + <discovery>2004-10-06</discovery> + <entry>2004-10-27</entry> + </dates> + </vuln> + <vuln vid="f4428842-a583-4a4c-89b7-297c3459a1c3"> <topic>bogofilter -- RFC 2047 decoder denial-of-service vulnerability</topic> <affects> |