ports/129475: [vuxml] [MAINTAINER] www/habari:
Ayumi M
ayu at dahlia.commun.jp
Sun Dec 7 06:40:01 UTC 2008
>Number: 129475
>Category: ports
>Synopsis: [vuxml] [MAINTAINER] www/habari:
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 07 06:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Ayumi M
>Release: FreeBSD 7.0-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD dahlia.commun.jp 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #0: Wed Oct 1 10:10:12 UTC 2008 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
VuXML update for CVE-2008-4601
criting from http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4601
--
Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.
--
>How-To-Repeat:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4601
http://secunia.com/advisories/32311/
>Fix:
--- vuln-5e051e94-c35d-11dd-aff6-001b210f913f.xml begins here ---
<vuln vid="5e051e94-c35d-11dd-aff6-001b210f913f">
<topic>habari -- Cross-site scripting</topic>
<affects>
<package>
<name>habari</name>
<range><lt>0.5.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="http://secunia.com/advisories/32311/">
<p>swappie has discovered a vulnerability in Habari, which
can be exploited by malicious people to conduct cross-site
scripting attacks.</p>
<p>Input passed via the "habari_username" parameter when
logging in is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in context
of an affected site.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2008-4601</cvename>
<url>http://secunia.com/advisories/32311/</url>
<url>http://www.habariproject.org/en/habari-version-0-5-2</url>
</references>
<dates>
<discovery>2008-10-15</discovery>
</dates>
</vuln>
--- vuln-5e051e94-c35d-11dd-aff6-001b210f913f.xml ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list