FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 96ed277b-60e0-11db-ad2d-0016179b2dd5
Description: Serendipity -- XSS Vulnerabilities

The Serendipity Team reports:

Serendipity failed to correctly sanitize user input on the media manager administration page. The content of GET variables was written into JavaScript strings. By using standard string evasion techniques it was possible to execute arbitrary JavaScript.

Additionally Serendipity dynamically created an HTML form on the media manager administration page that contained all variables found in the URL as hidden fields. While the variable values were correctly escaped it was possible to break out by specifying strange variable names.


Discovery: 2006-10-19
Entry: 2006-10-21
Affected package: serendipity lt 1.0.1

http://www.hardened-php.net/advisory_112006.136.htmlSerendipity
http://secunia.com/advisories/22501/
VuXML ID: 9c133aa0-12bd-11dd-bab7-0016179b2dd5
Description: serendipity -- multiple cross site scripting vulnerabilities

Hanno Boeck reports:

The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely.

Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are not escaped, thus the database host field can also be filled with javascript.

In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSS.


Discovery: 2008-04-22
Entry: 2008-04-25
Affected package: serendipity lt 1.3.1
Affected package: serendipity-devel lt 200804242342

28885
CVE-2008-1385
CVE-2008-1386
http://int21.de/cve/CVE-2008-1385-s9y.html
http://int21.de/cve/CVE-2008-1386-s9y.html
http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html