author | Matthew Seaman <matthew@FreeBSD.org> | 2013-04-20 09:24:30 +0000 |
---|---|---|
committer | Matthew Seaman <matthew@FreeBSD.org> | 2013-04-20 09:24:30 +0000 |
commit | a42fa048d7c054eb328fafc109f38c1e3243b3c9 (patch) | |
tree | 99c444fd590c1d77e7b8a70cddce024a85dccb9f /security | |
parent | f59fca65682f21a1ab08b671115ba0fa811e716e (diff) | |
download | ports-a42fa048d7c054eb328fafc109f38c1e3243b3c9.tar.gz ports-a42fa048d7c054eb328fafc109f38c1e3243b3c9.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index cd7a35ad5bd1..f83167ed41e8 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,35 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7280c3f6-a99a-11e2-8cef-6805ca0b3d42">
+ <topic>phpMyAdmin -- XSS due to unescaped HTML output in GIS visualisation page</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>3.5</ge><lt>3.5.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php">
+ <p> When modifying a URL parameter with a crafted value it
+ is possible to trigger an XSS.</p>
+ <p>These XSS can only be triggered when a valid database is
+ known and when a valid cookie token is used.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-1937</cvename>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php</url>
+ </references>
+ <dates>
+ <discovery>2013-04-18</discovery>
+ <entry>2013-04-20</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="a592e991-a919-11e2-ade0-8c705af55518">
 <topic>roundcube -- arbitrary file disclosure vulnerability</topic>
 <affects> |
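Review bot: The first quoted paragraph in the new entry's blockquote opens with a stray space, `<p> When modifying a URL parameter with a crafted value it`, while the second starts flush (`<p>These XSS can only be ...`); it should read `<p>When modifying a URL parameter with a crafted value it`. Separately, the quoted advisory text says nothing about affected versions, so the `<range><ge>3.5</ge><lt>3.5.8</lt></range>` bounds cannot be checked against anything visible here. They are worth confirming against PMASA-2013-1 before merge, because a range that is too narrow makes anything matching installed packages against vuln.xml treat a vulnerable phpMyAdmin as unaffected. The topic names the GIS visualisation page but the body does not, so a reader of the description alone cannot tell which page is involved.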