svn commit: r487425 - head/security/vuxml
Jochen Neumeister
joneum at FreeBSD.org
Fri Dec 14 11:57:21 UTC 2018
Author: joneum
Date: Fri Dec 14 11:57:19 2018
New Revision: 487425
URL: https://svnweb.freebsd.org/changeset/ports/487425
Log:
Add entry for typo3-8 and typo3-9
PR: 233935 233936
Sponsored by: Netzkommune GmbH
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Dec 14 11:28:43 2018 (r487424)
+++ head/security/vuxml/vuln.xml Fri Dec 14 11:57:19 2018 (r487425)
@@ -58,6 +58,68 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="bab29816-ff93-11e8-b05b-00e04c1ea73d">
+ <topic>typo3 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>typo3-8</name>
+ <range><lt>8.7.21</lt></range>
+ </package>
+ <package>
+ <name>typo3-9</name>
+ <range><lt>9.5.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Typo3 core team reports:</p>
+ <blockquote cite="https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/">
+ <p>CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr.
+ The vulnerability stemmed from the fact that it was possible to execute XSS inside
+ the CKEditor source area after persuading the victim to: (i) switch CKEditor to
+ source mode, then (ii) paste a specially crafted HTML code, prepared by the attacker,
+ into the opened CKEditor source area, and (iii) switch back to WYSIWYG mode.
+ Although this is an unlikely scenario, we recommend to upgrade to the latest editor version.</p>
+ <p>Failing to properly encode user input, online media asset rendering
+ (*.youtube and *.vimeo files) is vulnerable to cross-site scripting. A valid backend user
+ account or write access on the server system (e.g. SFTP) is needed in order to exploit this
+ vulnerability.</p>
+ <p>Failing to properly encode user input, notifications shown in modal windows in the TYPO3
+ backend are vulnerable to cross-site scripting. A valid backend user account is needed in
+ order to exploit this vulnerability.</p>
+ <p>Failing to properly encode user input, login status display is vulnerable to cross-site
+ scripting in the website frontend. A valid user account is needed in order to exploit this
+ vulnerability - either a backend user or a frontend user having the possibility to modify
+ their user profile.
+ Template patterns that are affected are:
+ ###FEUSER_[fieldName]### using system extension felogin
+ <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually
+ using TypoScript setting config.USERNAME_substToken)</p>
+ <p>It has been discovered that cookies created in the Install Tool are not hardened to be
+ submitted only via HTTP. In combination with other vulnerabilities such as cross-site
+ scripting it can lead to hijacking an active and valid session in the Install Tool.</p>
+ <p>The Install Tool exposes the current TYPO3 version number to non-authenticated users.</p>
+ <p>Online Media Asset Handling (*.youtube and *.vimeo files) in the TYPO3 backend is vulnerable
+ to denial of service. Putting large files with according file extensions results in high
+ consumption of system resources. This can lead to exceeding limits of the current PHP process
+ which results in a dysfunctional backend component. A valid backend user account or write
+ access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.</p>
+ <p>TYPO3’s built-in record registration functionality (aka “basic shopping cart”) using recs
+ URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous
+ user sessions are valid, attackers can use this vulnerability in order to create an arbitrary
+ amount of individual session-data records in the database.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://typo3.org/article/typo3-952-8721-and-7632-security-releases-published/</url>
+ </references>
+ <dates>
+ <discovery>2018-12-11</discovery>
+ <entry>2018-12-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="757e6ee8-ff91-11e8-a148-001b217b3468">
<topic>Gitlab -- Arbitrary File read in GitLab project import with Git LFS</topic>
<affects>
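Review bot: the `<!--###USERNAME###-->` token in the login-status paragraph (the line "&lt;!--###USERNAME###--&gt; for regular frontend rendering ...") is written as a literal XML comment inside the XHTML `<body>`, so an XML parser drops it and the rendered description reads "for regular frontend rendering (pattern can be defined individually ...)" with the template pattern missing. Escape the angle brackets so the marker survives, e.g. `&lt;!--###USERNAME###--&gt; for regular frontend rendering`, and consider putting the two affected patterns (`###FEUSER_[fieldName]###` and the USERNAME marker) in a `<ul>`/`<li>` list rather than bare lines inside the `<p>`, since whitespace-only line breaks collapse on rendering. Also, the referenced advisory URL names 7.6.32 alongside 9.5.2 and 8.7.21; if a TYPO3 7 port exists in the tree it should get its own `<package>` block under `<affects>`, otherwise the commit log's limitation to typo3-8 and typo3-9 is fine as is.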