diff options
| author | Carlo Strub <cs@FreeBSD.org> | 2013-07-11 07:50:26 +0000 |
|---|---|---|
| committer | Carlo Strub <cs@FreeBSD.org> | 2013-07-11 07:50:26 +0000 |
| commit | 51d58f52f380faa7490a5bf1ba700ec5c939a8a5 (patch) | |
| tree | 56c19a69c26a2e5bbf2b34ad814671d6042f32d5 /security/vuxml | |
| parent | 4147b2b813368b605c18ef6960017d4c8d71e2d1 (diff) | |
| download | ports-51d58f52f380faa7490a5bf1ba700ec5c939a8a5.tar.gz ports-51d58f52f380faa7490a5bf1ba700ec5c939a8a5.zip | |
Notes
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 663f752d32e0..d4d5f72017f5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,33 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e3e788aa-e9fd-11e2-a96e-60a44c524f57"> + <topic>otrs -- Sql Injection + Xss Issue</topic> + <affects> + <package> + <name>otrs</name> + <range><lt>3.1.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OTRS Project reports:</p> + <blockquote cite="http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/"> + <p>An attacker with a valid agent login could manipulate URLs leading to SQL injection. An attacker with a valid agent login could manipulate URLs in the ITSM ConfigItem search, leading to a JavaScript code injection (XSS) problem.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-4717</cvename> + <cvename>CVE-2013-4718</cvename> + <url>http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/</url> + </references> + <dates> + <discovery>2013-07-09</discovery> + <entry>2013-07-11</entry> + </dates> + </vuln> + <vuln vid="3b80104f-e96c-11e2-8bac-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |