FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6d68618a-7199-11db-a2ad-000c6ec775d9bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

  • Sometimes the information put into the

    and

    tags in Bugzilla was not properly escaped, leading to a possible XSS vulnerability.

  • Bugzilla administrators were allowed to put raw, unfiltered HTML into many fields in Bugzilla, leading to a possible XSS vulnerability. Now, the HTML allowed in those fields is limited.
  • attachment.cgi could leak the names of private attachments
  • The "deadline" field was visible in the XML format of a bug, even to users who were not a member of the "timetrackinggroup."
  • A malicious user could pass a URL to an admin, and make the admin delete or change something that he had not intended to delete or change.
  • It is possible to inject arbitrary HTML into the showdependencygraph.cgi page, allowing for a cross-site scripting attack.

Discovery 2006-10-15
Entry 2006-11-11
bugzilla
ja-bugzilla
gt 2.* lt 2.22.1

CVE-2006-5453
CVE-2006-5454
CVE-2006-5455
http://www.bugzilla.org/security/2.18.5/