FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  491044
Date:      2019-01-23
Time:      15:10:37Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3d0eeef8-0cf9-11e8-99b0-d017c2987f9aMailman -- Cross-site scripting (XSS) vulnerability in the web UI

Mark Sapiro reports:

An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login.

Discovery 2018-01-20
Entry 2018-02-08
lt 2.1.26

lt 2.1.26

le 2.1.14.j7_3,1
b11ab01b-6e19-11e6-ab24-080027ef73ecmailman -- CSRF protection enhancements

Mark Sapiro reports:

CSRF protection has been extended to the user options page. This was actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and intended for Mailman 2.1.15, but that fix wasn't completely merged at the time. The full fix also addresses the admindb, and edithtml pages as well as the user options page and the previously fixed admin pages. Thanks to Nishant Agarwala for reporting the issue.

Discovery 2016-08-19
Entry 2016-08-29
lt 2.1.23