Date: Sun, 20 Jan 2019 01:05:17 +0000 (UTC) From: Larry Rosenman <ler@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r490767 - head/security/vuxml Message-ID: <201901200105.x0K15H77011783@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ler Date: Sun Jan 20 01:05:17 2019 New Revision: 490767 URL: https://svnweb.freebsd.org/changeset/ports/490767 Log: security/vuxml: Document joomla 3 vulnerabilities. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Jan 20 01:04:39 2019 (r490766) +++ head/security/vuxml/vuln.xml Sun Jan 20 01:05:17 2019 (r490767) @@ -58,6 +58,47 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6aa398d0-1c4d-11e9-96dd-a4badb296695"> + <topic>joomla3 -- vulnerabilitiesw</topic> + <affects> + <package> + <name>joomla3</name> + <range><lt>3.9.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>JSST reports:</p> + <blockquote cite="https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html"> + <p>Inadequate escaping in mod_banners leads to a stored XSS vulnerability.</p> + </blockquote> + <blockquote cite="https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html"> + <p>Inadequate escaping in com_contact leads to a stored XSS vulnerability</p> + </blockquote> + <blockquote cite="https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html"> + <p>Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.</p> + </blockquote> + <blockquote cite="https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html"> + <p>Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.</p> + </blockquote> + </body> + </description> + <references> + <url>https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html</url> + <cvename>CVE-2019-6264</cvename> + <url>https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html</url> + <cvename>CVE-2019-6261</cvename> + <url>https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html</url> + <cvename>CVE-2019-6263</cvename> + <url>https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html</url> + <cvename>CVE-2019-6262</cvename> + </references> + <dates> + <discovery>2018-12-01</discovery> + <entry>2019-01-20</entry> + </dates> + </vuln> + <vuln vid="e00ed3d9-1c27-11e9-a257-000ffec0b3e1"> <topic>drupal -- Drupal core - Arbitrary PHP code execution</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201901200105.x0K15H77011783>