From c7452ca89f39642e6d5866b6f688ed023f0019fb Mon Sep 17 00:00:00 2001 From: Steffen Joeris Date: Wed, 12 Sep 2007 14:17:13 +0000 Subject: Add .adv file for DTSA-58-1 git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6597 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/58-phpgroupware.adv | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 data/DTSA/advs/58-phpgroupware.adv (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/58-phpgroupware.adv b/data/DTSA/advs/58-phpgroupware.adv new file mode 100644 index 0000000000..c5a744e9bc --- /dev/null +++ b/data/DTSA/advs/58-phpgroupware.adv @@ -0,0 +1,20 @@ +source: phpgroupware +date: September 13th, 2007 +author: Steffen Joeris +vuln-type: cross scripting vulnerability +problem-scope: remote +debian-specifc: no +cve: CVE-2007-4048 +vendor-advisory: +testing-fix: 0.9.16.011-3lenny2 +sid-fix: 2.5.1-6.1 +upgrade: apttitude upgrade + +It was discovered that there is a cross-site scripting vulnerability +that allows remote attackers to inject arbitrary web script or HTML. + +CVE-2007-4048 + +Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo +2.5.4-dev and earlier allows remote attackers to inject arbitrary web +script or HTML via the PATH_INFO. -- cgit v1.2.3