aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml43
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 8c3a0f8c02e1..c0dea4fad198 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,49 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9c133aa0-12bd-11dd-bab7-0016179b2dd5">
+ <topic>serendipity -- multiple cross site scripting vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>serendipity</name>
+ <range><lt>1.3.1</lt></range>
+ </package>
+ <package>
+ <name>serendipity-devel</name>
+ <range><lt>200804242342</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Hanno Boeck reports:</p>
+ <blockquote cite="http://int21.de/cve/CVE-2008-1386-s9y.html">
+ <p>The installer of serendipity 1.3 has various Cross Site Scripting issues.
+ This is considered low priority, as attack scenarios are very unlikely.</p>
+ <p>Various path fields are not escaped properly, thus filling them with
+ javascript code will lead to XSS. MySQL error messages are not escaped,
+ thus the database host field can also be filled with javascript.</p>
+ </blockquote>
+ <blockquote cite="http://int21.de/cve/CVE-2008-1385-s9y.html">
+ <p>In the referrer plugin of the blog application serendipity,
+ the referrer string is not escaped, thus leading to a permanent
+ XSS.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>28885</bid>
+ <cvename>CVE-2008-1385</cvename>
+ <cvename>CVE-2008-1386</cvename>
+ <url>http://int21.de/cve/CVE-2008-1385-s9y.html</url>
+ <url>http://int21.de/cve/CVE-2008-1386-s9y.html</url>
+ <url>http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html</url>
+ </references>
+ <dates>
+ <discovery>2008-04-22</discovery>
+ <entry>2008-04-25</entry>
+ </dates>
+ </vuln>
+
<vuln vid="67bd39ba-12b5-11dd-bab7-0016179b2dd5">
<topic>firefox -- javascript harbage collector vulnerability</topic>
<affects>