diff options
| author | miwi <miwi@FreeBSD.org> | 2007-11-01 20:46:52 +0800 |
|---|---|---|
| committer | miwi <miwi@FreeBSD.org> | 2007-11-01 20:46:52 +0800 |
| commit | 18fedc804790243475bdb6cb8609e8fbcd344872 (patch) | |
| tree | 25fd71c7d20d9b15657deb2ef5c807a0afffaae1 /security | |
| parent | 9253e2c53fa24a6e2e944057970e286befbf0270 (diff) | |
| download | freebsd-ports-graphics-18fedc804790243475bdb6cb8609e8fbcd344872.tar.gz freebsd-ports-graphics-18fedc804790243475bdb6cb8609e8fbcd344872.tar.zst freebsd-ports-graphics-18fedc804790243475bdb6cb8609e8fbcd344872.zip | |
- document wordpress -- cross-site scripting
Reviewed by: simon
Approved by: portmgr (ports-security blanket)
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e5482dcfa8e..e9536dfada5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,42 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a467d0f9-8875-11dc-b3ba-0016179b2dd5"> + <topic>wordpress -- cross-site scripting</topic> + <affects> + <package> + <name>wordpress</name> + <name>de-wordpress</name> + <range><lt>2.3.1</lt></range> + </package> + <package> + <name>zh-wordpress</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Secunia Advisory report:</p> + <blockquote cite="http://secunia.com/advisories/27407"> + <p>Input passed to the "posts_columns" parameter in + wp-admin/edit-post-rows.php is not properly sanitised before + being returned to the user. This can be exploited to execute + arbitrary HTML and script code in a user's browser session in + context of an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-5710</cvename> + <url>http://secunia.com/advisories/27407</url> + <url>http://wordpress.org/development/2007/10/wordpress-231/</url> + </references> + <dates> + <discovery>2007-11-29</discovery> + <entry>2007-11-01</entry> + </dates> + </vuln> + <vuln vid="db449245-870d-11dc-a3ec-001921ab2fa4"> <topic>openldap -- multiple remote denial of service vulnerabilities</topic> <affects> |