FreeBSD Bugzilla – Attachment 109974 Details for Bug 151055: [MAINTAINER] [security] www/phpmyfaq: update to 2.6.9, fix XSS vulnerability
[patch] vuxml.diff (text/plain; x-mac-type="0"; x-mac-creator="0"), 1.35 KB, created by Florian Smeets on 2010-09-29 08:36:16 UTC
>--- vuln.xml.old 2010-09-29 09:06:01.000000000 +0200 >+++ vuln.xml 2010-09-29 09:21:18.000000000 +0200 >@@ -34,6 +34,36 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="068732bb-cb98-11df-bc93-001c42d23634"> >+ <topic>phpmyfaq -- XSS vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>phpmyfaq</name> >+ <range><ge>2.6.0</ge><lt>2.6.9</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The phpMyFAQ project reports:</p> >+ <blockquote cite="http://www.phpmyfaq.de/advisory_2010-09-28.php"> >+ <p>The phpMyFAQ Team has learned of a security issue that has been >+ discovered in phpMyFAQ 2.6.x</p> >+ <p>phpMyFAQ doesn't sanitize some variables in different pages >+ correctly. With a properly crafted URL it is e.g. possible to inject >+ JavaScript code into the output of a page, which could result in the >+ leakage of domain cookies (f.e. session identifiers).</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://www.phpmyfaq.de/advisory_2010-09-28.php</url> >+ </references> >+ <dates> >+ <discovery>2010-09-28</discovery> >+ <entry>2010-09-29</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="80b6d6cc-c970-11df-bb18-0015587e2cc1"> > <topic>openx -- remote code execution vulnerability</topic> > <affects>
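Review bot: The `<range>` in the new phpmyfaq entry takes its lower bound `<ge>2.6.0</ge>` from the advisory's "phpMyFAQ 2.6.x" wording alone; confirm with upstream that releases before 2.6.0 are unaffected, and drop the `<ge>` if they are affected, so that older installed packages are still flagged. The `<references>` block carries only the advisory `<url>`; if a CVE name or other tracker id is assigned for this issue, add it there. The first quoted `<p>` in the blockquote ends without a full stop ("discovered in phpMyFAQ 2.6.x"), so check it against the advisory page, since the blockquote is cited as the project's own text.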