FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363221
Date:      2014-07-28
Time:      18:38:13Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
9c133aa0-12bd-11dd-bab7-0016179b2dd5serendipity -- multiple cross site scripting vulnerabilities

Hanno Boeck reports:

The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely.

Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are not escaped, thus the database host field can also be filled with javascript.

In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSS.


Discovery 2008-04-22
Entry 2008-04-25
serendipity
lt 1.3.1

serendipity-devel
lt 200804242342

28885
CVE-2008-1385
CVE-2008-1386
http://int21.de/cve/CVE-2008-1385-s9y.html
http://int21.de/cve/CVE-2008-1386-s9y.html
http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
9c133aa0-12bd-11dd-bab7-0016179b2dd5serendipity -- multiple cross site scripting vulnerabilities

Hanno Boeck reports:

The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely.

Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are not escaped, thus the database host field can also be filled with javascript.

In the referrer plugin of the blog application serendipity, the referrer string is not escaped, thus leading to a permanent XSS.


Discovery 2008-04-22
Entry 2008-04-25
serendipity
lt 1.3.1

serendipity-devel
lt 200804242342

28885
CVE-2008-1385
CVE-2008-1386
http://int21.de/cve/CVE-2008-1385-s9y.html
http://int21.de/cve/CVE-2008-1386-s9y.html
http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html