FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
df328fac-f942-11e5-92ce-002590263bf5py-djblets -- Self-XSS vulnerability

Djblets Release Notes reports:

A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute.

The cause of the vulnerability was due to a template not escaping user-provided values.


Discovery 2016-03-01
Entry 2016-04-03
py27-djblets
py32-djblets
py33-djblets
py34-djblets
py35-djblets
lt 0.9.2

https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/