FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
df328fac-f942-11e5-92ce-002590263bf5	py-djblets -- Self-XSS vulnerability Djblets Release Notes reports: A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute. The cause of the vulnerability was due to a template not escaping user-provided values. Discovery 2016-03-01 Entry 2016-04-03 py27-djblets py32-djblets py33-djblets py34-djblets py35-djblets < 0.9.2 https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/

VuXML ID

Description

df328fac-f942-11e5-92ce-002590263bf5

py-djblets -- Self-XSS vulnerability

Djblets Release Notes reports:

A recently-discovered vulnerability in the datagrid templates allows an attacker to generate a URL to any datagrid page containing malicious code in a column sorting value. If the user visits that URL and then clicks that column, the code will execute.

The cause of the vulnerability was due to a template not escaping user-provided values.

Discovery 2016-03-01
Entry 2016-04-03
py27-djblets
py32-djblets
py33-djblets
py34-djblets
py35-djblets

< 0.9.2

https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/