FreeBSD Bugzilla – Attachment 91427 Details for
Bug 128759
[MAINTAINER] www/habari: update to 0.5.2
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
vuln.xml
vuln.xml (text/xml), 1.05 KB, created by
Ayumi M
on 2008-12-06 06:41:16 UTC
(
hide
)
Description:
vuln.xml
Filename:
MIME Type:
Creator:
Ayumi M
Created:
2008-12-06 06:41:16 UTC
Size:
1.05 KB
patch
obsolete
><vuln vid="5e051e94-c35d-11dd-aff6-001b210f913f"> > <topic>habari -- Cross-site scripting</topic> > <affects> > <package> > <name>habari</name> > <range><lt>0.5.2</lt></range> > </package> > </affects> > <description> > <body xmlns="http://www.w3.org/1999/xhtml"> > <blockquote cite="http://secunia.com/advisories/32311/"> > <p>swappie has discovered a vulnerability in Habari, which > can be exploited by malicious people to conduct cross-site > scripting attacks.</p> > <p>Input passed via the "habari_username" parameter when > logging in is not properly sanitised before being returned > to the user. This can be exploited to execute arbitrary > HTML and script code in a user's browser session in context > of an affected site.</p> > </blockquote> > </body> > </description> > <references> > <cvename>CVE-2008-4601</cvename> > <url>http://secunia.com/advisories/32311/</url> > <url>http://www.habariproject.org/en/habari-version-0-5-2</url> > </references> ></vuln>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=91427">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 128759
:
91426
| 91427