diff options
author | Steffen Joeris <white@debian.org> | 2007-09-12 14:17:13 +0000 |
---|---|---|
committer | Steffen Joeris <white@debian.org> | 2007-09-12 14:17:13 +0000 |
commit | c7452ca89f39642e6d5866b6f688ed023f0019fb (patch) | |
tree | b2640a2e03a6912d28649d3a7b0ddf71166bbfeb /data/DTSA/advs | |
parent | 4de2d581262deebcd882bf4a0b30318702b989cc (diff) |
Add .adv file for DTSA-58-1
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6597 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/58-phpgroupware.adv | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/data/DTSA/advs/58-phpgroupware.adv b/data/DTSA/advs/58-phpgroupware.adv new file mode 100644 index 0000000000..c5a744e9bc --- /dev/null +++ b/data/DTSA/advs/58-phpgroupware.adv @@ -0,0 +1,20 @@ +source: phpgroupware +date: September 13th, 2007 +author: Steffen Joeris +vuln-type: cross scripting vulnerability +problem-scope: remote +debian-specifc: no +cve: CVE-2007-4048 +vendor-advisory: +testing-fix: 0.9.16.011-3lenny2 +sid-fix: 2.5.1-6.1 +upgrade: apttitude upgrade + +It was discovered that there is a cross-site scripting vulnerability +that allows remote attackers to inject arbitrary web script or HTML. + +CVE-2007-4048 + +Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo +2.5.4-dev and earlier allows remote attackers to inject arbitrary web +script or HTML via the PATH_INFO. |