diff options
author | miwi <miwi@FreeBSD.org> | 2008-10-26 02:51:13 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-10-26 02:51:13 +0800 |
commit | 7de0d3ee98b32d0b2ef87a53a4deeca4ac197db6 (patch) | |
tree | 960c6c380eec6d2801a6c462de501aba5e1bc955 /security/vuxml | |
parent | 3d80b9815e540cadaaa3d257ed33130a8cff3ad2 (diff) | |
download | freebsd-ports-graphics-7de0d3ee98b32d0b2ef87a53a4deeca4ac197db6.tar.gz freebsd-ports-graphics-7de0d3ee98b32d0b2ef87a53a4deeca4ac197db6.tar.zst freebsd-ports-graphics-7de0d3ee98b32d0b2ef87a53a4deeca4ac197db6.zip |
- Document flyspray -- multiple vulnerabilities
Submitted by: Nick Hilliard (nick@foobar.org) (based on)
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7d73e029074..086d1e222ef 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,58 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9d3020e4-a2c4-11dd-a9f9-0030843d3802"> + <topic>flyspray -- multiple vulnerabilities</topic> + <affects> + <package> + <name>flyspray</name> + <range><lt>0.9.9.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Flyspray Project reports:</p> + <blockquote cite="http://www.flyspray.org/fsa:2"> + <p>Flyspray is affected by a Cross Site scripting Vulnerability + due to an error escaping PHP's $_SERVER['QUERY_STRING'] + superglobal, that can be maliciously used to inject + arbitrary code into the savesearch() javascript function.</p> + <p>There is an XSS problem in the history tab, the application + fails to sanitize the "details" parameter correctly, leading + to the possibility of arbitrary code injection into the + getHistory() javascript function.</p> + </blockquote> + <blockquote cite="http://www.flyspray.org/fsa:3"> + <p>Flyspray is affected by a Cross Site scripting Vulnerability + due missing escaping of SQL error messages. By including HTML + code in a query and at the same time causing it to fail by + submitting invalid data, an XSS hole can be exploited.</p> + <p>There is an XSS problem in the task history attached to + comments, since the application fails to sanitize the the + old_value and new_value database fields for changed task + summaries.</p> + </blockquote> + <blockquote cite="http://secunia.com/advisories/29215"> + <p>Input passed via the "item_summary" parameter to + "index.php?do=details" is not properly sanitised before being + returned to the user. This can be exploited to execute arbitrary + HTML and script code in a user's browser session in context of + an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-6461</cvename> + <cvename>CVE-2008-1165</cvename> + <cvename>CVE-2008-1166</cvename> + <url>http://secunia.com/advisories/29215</url> + </references> + <dates> + <discovery>2008-02-24</discovery> + <entry>2008-10-25</entry> + </dates> + </vuln> + <vuln vid="3a4a3e9c-a1fe-11dd-81be-001c2514716c"> <topic>wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability</topic> <affects> |