FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
97c3a452-6e36-11d9-8324-000a95bc6fae	bugzilla -- cross-site scripting vulnerability A Bugzilla advisory states: This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL unaltered in the page, allowing scripts embedded in the URL to execute. Discovery 2004-12-01 Entry 2005-01-24 bugzilla ja-bugzilla < 2.16.8 >= 2.17.* lt 2.18 CVE-2004-1061 http://www.bugzilla.org/security/2.16.7-nr/ https://bugzilla.mozilla.org/show_bug.cgi?id=272620
6d68618a-7199-11db-a2ad-000c6ec775d9	bugzilla -- multiple vulnerabilities A Bugzilla Security Advisory reports: Sometimes the information put into the and tags in Bugzilla was not properly escaped, leading to a possible XSS vulnerability. Bugzilla administrators were allowed to put raw, unfiltered HTML into many fields in Bugzilla, leading to a possible XSS vulnerability. Now, the HTML allowed in those fields is limited. attachment.cgi could leak the names of private attachments The "deadline" field was visible in the XML format of a bug, even to users who were not a member of the "timetrackinggroup." A malicious user could pass a URL to an admin, and make the admin delete or change something that he had not intended to delete or change. It is possible to inject arbitrary HTML into the showdependencygraph.cgi page, allowing for a cross-site scripting attack. Discovery 2006-10-15 Entry 2006-11-11 bugzilla ja-bugzilla > 2.* lt 2.22.1 CVE-2006-5453 CVE-2006-5454 CVE-2006-5455 http://www.bugzilla.org/security/2.18.5/

VuXML ID

Description

97c3a452-6e36-11d9-8324-000a95bc6fae

bugzilla -- cross-site scripting vulnerability

A Bugzilla advisory states:

This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL unaltered in the page, allowing scripts embedded in the URL to execute.

Discovery 2004-12-01
Entry 2005-01-24
bugzilla
ja-bugzilla

< 2.16.8

>= 2.17.* lt 2.18

CVE-2004-1061
http://www.bugzilla.org/security/2.16.7-nr/
https://bugzilla.mozilla.org/show_bug.cgi?id=272620

6d68618a-7199-11db-a2ad-000c6ec775d9

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports:

Sometimes the information put into the
and
tags in Bugzilla was not properly escaped, leading to a possible XSS vulnerability.

Bugzilla administrators were allowed to put raw, unfiltered HTML into many fields in Bugzilla, leading to a possible XSS vulnerability. Now, the HTML allowed in those fields is limited.

attachment.cgi could leak the names of private attachments

The "deadline" field was visible in the XML format of a bug, even to users who were not a member of the "timetrackinggroup."

A malicious user could pass a URL to an admin, and make the admin delete or change something that he had not intended to delete or change.

It is possible to inject arbitrary HTML into the showdependencygraph.cgi page, allowing for a cross-site scripting attack.

Discovery 2006-10-15
Entry 2006-11-11
bugzilla
ja-bugzilla

> 2.* lt 2.22.1

CVE-2006-5453
CVE-2006-5454
CVE-2006-5455
http://www.bugzilla.org/security/2.18.5/