Date: Fri, 21 Oct 2022 10:23:01 GMT From: Florian Smeets <flo@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: aa9e5247ae52 - main - security/vuxml: Document vulnerabilities in phpmyfaq Message-ID: <202210211023.29LAN1Fe032327@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by flo: URL: https://cgit.FreeBSD.org/ports/commit/?id=aa9e5247ae5213b9c5c533c186f0f483cc70b388 commit aa9e5247ae5213b9c5c533c186f0f483cc70b388 Author: Florian Smeets <flo@FreeBSD.org> AuthorDate: 2022-10-21 10:14:20 +0000 Commit: Florian Smeets <flo@FreeBSD.org> CommitDate: 2022-10-21 10:14:20 +0000 security/vuxml: Document vulnerabilities in phpmyfaq --- security/vuxml/vuln-2022.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 22d57e92a254..1f7f14590b27 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,29 @@ + <vuln vid="c253c4aa-5126-11ed-8a21-589cfc0f81b0"> + <topic>phpmyfaq -- CSRF vulnerability</topic> + <affects> + <package> + <name>phpmyfaq</name> + <range><lt>3.1.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>phpmyfaq developers report:</p> + <blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-02">; + <p> phpMyFAQ does not implement sufficient checks to avoid + CSRF when logging out an user.</p> + </blockquote> + </body> + </description> + <references> + <url>https://huntr.dev/bounties/76095ac1-da12-449b-9564-4a086be96592/</url>; + </references> + <dates> + <discovery>2022-10-02</discovery> + <entry>2022-10-21</entry> + </dates> + </vuln> + <vuln vid="d6d088c9-5064-11ed-bade-080027881239"> <topic>Python -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202210211023.29LAN1Fe032327>