Attachment 109974 Details for Bug 151055 – vuxml.diff

[patch] vuxml.diff

vuxml.diff (text/plain; x-mac-type="0"; x-mac-creator="0"), 1.35 KB, created by Florian Smeets on 2010-09-29 08:36:16 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Florian Smeets

Created: 2010-09-29 08:36:16 UTC

Size: 1.35 KB

patch

obsolete

>--- vuln.xml.old	2010-09-29 09:06:01.000000000 +0200
>+++ vuln.xml	2010-09-29 09:21:18.000000000 +0200
>@@ -34,6 +34,36 @@
> 
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="068732bb-cb98-11df-bc93-001c42d23634">
>+ <topic>phpmyfaq -- XSS vulnerabilities</topic>
>+ <affects>
>+ <package>
>+	<name>phpmyfaq</name>
>+	<range><ge>2.6.0</ge><lt>2.6.9</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	The phpMyFAQ project reports:
>+	<blockquote cite="http://www.phpmyfaq.de/advisory_2010-09-28.php">
>+	 The phpMyFAQ Team has learned of a security issue that has been 
>+	 discovered in phpMyFAQ 2.6.x
>+	 phpMyFAQ doesn't sanitize some variables in different pages
>+	 correctly. With a properly crafted URL it is e.g. possible to inject
>+	 JavaScript code into the output of a page, which could result in the
>+	 leakage of domain cookies (f.e. session identifiers).
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <url>http://www.phpmyfaq.de/advisory_2010-09-28.php</url>
>+ </references>
>+ <dates>
>+ <discovery>2010-09-28</discovery>
>+ <entry>2010-09-29</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="80b6d6cc-c970-11df-bb18-0015587e2cc1">
> <topic>openx -- remote code execution vulnerability</topic>
> <affects>

Actions: View | Diff

Attachments on bug 151055: 109973 | 109974