diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8c3a0f8c02e1..c0dea4fad198 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,49 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9c133aa0-12bd-11dd-bab7-0016179b2dd5"> + <topic>serendipity -- multiple cross site scripting vulnerabilities</topic> + <affects> + <package> + <name>serendipity</name> + <range><lt>1.3.1</lt></range> + </package> + <package> + <name>serendipity-devel</name> + <range><lt>200804242342</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Hanno Boeck reports:</p> + <blockquote cite="http://int21.de/cve/CVE-2008-1386-s9y.html"> + <p>The installer of serendipity 1.3 has various Cross Site Scripting issues. + This is considered low priority, as attack scenarios are very unlikely.</p> + <p>Various path fields are not escaped properly, thus filling them with + javascript code will lead to XSS. MySQL error messages are not escaped, + thus the database host field can also be filled with javascript.</p> + </blockquote> + <blockquote cite="http://int21.de/cve/CVE-2008-1385-s9y.html"> + <p>In the referrer plugin of the blog application serendipity, + the referrer string is not escaped, thus leading to a permanent + XSS.</p> + </blockquote> + </body> + </description> + <references> + <bid>28885</bid> + <cvename>CVE-2008-1385</cvename> + <cvename>CVE-2008-1386</cvename> + <url>http://int21.de/cve/CVE-2008-1385-s9y.html</url> + <url>http://int21.de/cve/CVE-2008-1386-s9y.html</url> + <url>http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html</url> + </references> + <dates> + <discovery>2008-04-22</discovery> + <entry>2008-04-25</entry> + </dates> + </vuln> + <vuln vid="67bd39ba-12b5-11dd-bab7-0016179b2dd5"> <topic>firefox -- javascript harbage collector vulnerability</topic> <affects> |