diff options
| author | Martin Wilke <miwi@FreeBSD.org> | 2008-10-25 18:51:13 +0000 |
|---|---|---|
| committer | Martin Wilke <miwi@FreeBSD.org> | 2008-10-25 18:51:13 +0000 |
| commit | f066f6dd2e6e39b7ee1f6027c98db2f727b03a49 (patch) | |
| tree | b98de1e9de8ed9fb64abd13bfbb6f9b73f45ea2b /security/vuxml/vuln.xml | |
| parent | 362b70a0d3892c4734de1ebdb3c58025cb698f35 (diff) | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 7d73e0290743..086d1e222ef0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,58 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9d3020e4-a2c4-11dd-a9f9-0030843d3802"> + <topic>flyspray -- multiple vulnerabilities</topic> + <affects> + <package> + <name>flyspray</name> + <range><lt>0.9.9.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Flyspray Project reports:</p> + <blockquote cite="http://www.flyspray.org/fsa:2"> + <p>Flyspray is affected by a Cross Site scripting Vulnerability + due to an error escaping PHP's $_SERVER['QUERY_STRING'] + superglobal, that can be maliciously used to inject + arbitrary code into the savesearch() javascript function.</p> + <p>There is an XSS problem in the history tab, the application + fails to sanitize the "details" parameter correctly, leading + to the possibility of arbitrary code injection into the + getHistory() javascript function.</p> + </blockquote> + <blockquote cite="http://www.flyspray.org/fsa:3"> + <p>Flyspray is affected by a Cross Site scripting Vulnerability + due missing escaping of SQL error messages. By including HTML + code in a query and at the same time causing it to fail by + submitting invalid data, an XSS hole can be exploited.</p> + <p>There is an XSS problem in the task history attached to + comments, since the application fails to sanitize the the + old_value and new_value database fields for changed task + summaries.</p> + </blockquote> + <blockquote cite="http://secunia.com/advisories/29215"> + <p>Input passed via the "item_summary" parameter to + "index.php?do=details" is not properly sanitised before being + returned to the user. This can be exploited to execute arbitrary + HTML and script code in a user's browser session in context of + an affected site.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-6461</cvename> + <cvename>CVE-2008-1165</cvename> + <cvename>CVE-2008-1166</cvename> + <url>http://secunia.com/advisories/29215</url> + </references> + <dates> + <discovery>2008-02-24</discovery> + <entry>2008-10-25</entry> + </dates> + </vuln> + <vuln vid="3a4a3e9c-a1fe-11dd-81be-001c2514716c"> <topic>wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability</topic> <affects> |