summaryrefslogtreecommitdiffstats
path: root/data/DTSA/advs
diff options
context:
space:
mode:
authorSteffen Joeris <white@debian.org>2007-09-12 14:17:13 +0000
committerSteffen Joeris <white@debian.org>2007-09-12 14:17:13 +0000
commitc7452ca89f39642e6d5866b6f688ed023f0019fb (patch)
treeb2640a2e03a6912d28649d3a7b0ddf71166bbfeb /data/DTSA/advs
parent4de2d581262deebcd882bf4a0b30318702b989cc (diff)
Add .adv file for DTSA-58-1
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6597 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r--data/DTSA/advs/58-phpgroupware.adv20
1 files changed, 20 insertions, 0 deletions
diff --git a/data/DTSA/advs/58-phpgroupware.adv b/data/DTSA/advs/58-phpgroupware.adv
new file mode 100644
index 0000000000..c5a744e9bc
--- /dev/null
+++ b/data/DTSA/advs/58-phpgroupware.adv
@@ -0,0 +1,20 @@
+source: phpgroupware
+date: September 13th, 2007
+author: Steffen Joeris
+vuln-type: cross scripting vulnerability
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-4048
+vendor-advisory:
+testing-fix: 0.9.16.011-3lenny2
+sid-fix: 2.5.1-6.1
+upgrade: apttitude upgrade
+
+It was discovered that there is a cross-site scripting vulnerability
+that allows remote attackers to inject arbitrary web script or HTML.
+
+CVE-2007-4048
+
+Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo
+2.5.4-dev and earlier allows remote attackers to inject arbitrary web
+script or HTML via the PATH_INFO.

© 2014-2024 Faster IT GmbH | imprint | privacy policy