cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Create a VuXML entry for Horde XSS help window vulnerability to replace

Browse Source 
the portaudit-db entry.
This commit is contained in:
Jacques Vidrine 2004-10-27 12:25:06 +00:00
parent 662f85ea07
commit 9cfb8ca626
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=120309
3 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ports-mgmt/portaudit-db/database/portaudit.txt
View File

@ -81,4 +81,3 @@ mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 h
imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4
koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096
kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096
horde<2.2.7|http://lists.horde.org/archives/announce/2004/000107.html|Potential XSS vulnerability in the help window.|ed1d404d-2784-11d9-b954-000bdb1444a4

1
security/portaudit-db/database/portaudit.txt
View File

@ -81,4 +81,3 @@ mpg123<=0.59r_13|http://secunia.com/advisories/12478 http://www.osvdb.org/9748 h
imp<3.2.6|http://thread.gmane.org/gmane.comp.horde.imp/15488 http://cvs.horde.org/diff.php/imp/docs/CHANGES?r1=1.389.2.109&r2=1.389.2.111&ty=h|XSS hole in the HTML viewer - The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer.|efc4819b-0b2d-11d9-bfe1-000bdb1444a4
koffice<1.3.2_1,1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|ecf6713f-2549-11d9-945e-00e018f69096
kdegraphics>=3.2.0<3.3.0_1|http://kde.org/info/security/advisory-20041021-1.txt|Multiple integer overflow and integer arithmetic flaws in imported xpdf code|6a04bf0e-254b-11d9-945e-00e018f69096
horde<2.2.7|http://lists.horde.org/archives/announce/2004/000107.html|Potential XSS vulnerability in the help window.|ed1d404d-2784-11d9-b954-000bdb1444a4

28
security/vuxml/vuln.xml
View File

@ -32,6 +32,34 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="ed1d404d-2784-11d9-b954-000bdb1444a4">
<topic>horde -- cross-site scripting vulnerability in help
window</topic>
<affects>
<package>
<name>horde</name>
<name>horde-devel</name>
<range><lt>2.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Horde Team announcement states that a potential cross-site
scripting vulnerability in the help window has been
corrected. The vulnerability appears to involve the handling
of the <code>topic</code> and <code>module</code> parameters
of the help window template.</p>
</body>
</description>
<references>
<mlist msgid="20041026115303.10FBEC046E@neo.wg.de">http://marc.theaimsgroup.com/?l=horde-announce&amp;m=109879164718625</mlist>
</references>
<dates>
<discovery>2004-10-06</discovery>
<entry>2004-10-27</entry>
</dates>
</vuln>
<vuln vid="f4428842-a583-4a4c-89b7-297c3459a1c3">
<topic>bogofilter -- RFC 2047 decoder denial-of-service vulnerability</topic>
<affects>