author | Sofian Brabez <sbz@FreeBSD.org> | 2012-05-12 14:23:42 +0000 |
---|---|---|
committer | Sofian Brabez <sbz@FreeBSD.org> | 2012-05-12 14:23:42 +0000 |
commit | 9f692d5b2f9cbc94202823867d7dfbd989d68cc6 (patch) | |
tree | 96ed4a519057d71b4338b61dc42a80647a8ec1b1 | |
parent | b996cf999f23ce25de51382b0026b62e628626e1 (diff) | |
Notes
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index c90c4f992fb5..8913efe70628 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,36 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0d3547ab-9b69-11e1-bdb1-525401003090">
+ <topic>PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability</topic>
+ <affects>
+ <package>
+ <name>pivotx</name>
+ <range><le>2.3.2</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>High-Tech Bridge reports:</p>
+ <blockquote cite="https://www.htbridge.com/advisory/HTB23087">
+ <p>Input passed via the "file" GET parameter to
+ /pivotx/ajaxhelper.php is not properly sanitised before
+ being returned to the user. This can be exploited to
+ execute arbitrary HTML and script code in administrator's
+ browser session in context of the affected website.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-2274</cvename>
+ <bid>52159</bid>
+ </references>
+ <dates>
+ <discovery>2012-05-09</discovery>
+ <entry>2012-05-12</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="b91234e7-9a8b-11e1-b666-001636d274f3">
 <topic>NVIDIA UNIX driver -- access to arbitrary system memory</topic>
 <affects> |
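Review bot: The affected range `<range><le>2.3.2</le></range>` in the new `pivotx` entry matches package versions only up to exactly 2.3.2, so an installed `pivotx-2.3.2_1` (a PORTREVISION bump that still ships the same code) would compare as newer and no longer be flagged by the audit tooling. If a fixed release exists, bounding the range by it is more robust, e.g. `<range><lt>FIXED_VERSION</lt></range>` (placeholder; the fixed version is not shown in this commit). The `<references>` block could also list the advisory itself as `<url>https://www.htbridge.com/advisory/HTB23087</url>`, since it is currently reachable only through the blockquote's `cite` attribute.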