svn commit: r534722 - head/security/vuxml
Jochen Neumeister
joneum at FreeBSD.org
Sat May 9 08:23:46 UTC 2020
Author: joneum
Date: Sat May 9 08:23:42 2020
New Revision: 534722
URL: https://svnweb.freebsd.org/changeset/ports/534722
Log:
add entry for www/glpi
PR: 244971
Sponsored by: Netzkommune GmbH
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat May 9 08:10:47 2020 (r534721)
+++ head/security/vuxml/vuln.xml Sat May 9 08:23:42 2020 (r534722)
@@ -58,6 +58,34 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="d222241d-91cc-11ea-82b8-4c72b94353b5">
+ <topic>glpi -- stored XSS</topic>
+ <affects>
+ <package>
+ <name>glpi</name>
+ <range><lt>9.4.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE Corporation reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239">
+ <p>inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/glpi-project/glpi/commit/c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb</url>
+ <url>https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_stored_XSS.pdf</url>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13239</url>
+ <cvename>CVE-2019-13239</cvename>
+ </references>
+ <dates>
+ <discovery>2019-02-25</discovery>
+ <entry>2020-05-09</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1a6b7641-aed2-4ba1-96f4-c282d5b09c37">
<topic>zeek -- Various vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list