diff options
| author | Jason Unovitch <junovitch@FreeBSD.org> | 2015-11-11 02:16:23 +0000 |
|---|---|---|
| committer | Jason Unovitch <junovitch@FreeBSD.org> | 2015-11-11 02:16:23 +0000 |
| commit | 5d91b7a2598e54b425377b2877dd229e1ba68ae2 (patch) | |
| tree | 8cc560dfab24ae0c3d8fb232007f18d3fa31ef7a | |
| parent | a624dd3014f0ec0e0ea8693094dfc583c150d16b (diff) | |
| download | ports-5d91b7a2598e54b425377b2877dd229e1ba68ae2.tar.gz ports-5d91b7a2598e54b425377b2877dd229e1ba68ae2.zip | |
Notes
| -rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b2fb82a6bb1c..c334a63d4555 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,37 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2f7f4db2-8819-11e5-ab94-002590263bf5"> + <topic>p5-HTML-Scrubber -- XSS vulnerability</topic> + <affects> + <package> + <name>p5-HTML-Scrubber</name> + <range><lt>0.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MITRE reports:</p> + <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5667"> + <p>Cross-site scripting (XSS) vulnerability in the HTML-Scrubber + module before 0.15 for Perl, when the comment feature is enabled, + allows remote attackers to inject arbitrary web script or HTML via + a crafted comment.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-5667</cvename> + <url>https://metacpan.org/release/HTML-Scrubber</url> + <url>http://jvndb.jvn.jp/jvndb/JVNDB-2015-000171</url> + <url>http://jvn.jp/en/jp/JVN53973084/index.html</url> + </references> + <dates> + <discovery>2015-10-10</discovery> + <entry>2015-11-11</entry> + </dates> + </vuln> + <vuln vid="6ca7eddd-d436-486a-b169-b948436bcf14"> <topic>libvpx -- buffer overflow in vp9_init_context_buffers</topic> <affects> |