thr3ads.net - Secure testing commits - [Secure-testing-commits] r6597

If this information is useful, please help other people find it:
Share via:

white at alioth.debian.org

2007-Sep-12 14:17 UTC

[Secure-testing-commits] r6597 - data/DTSA/advs

Author: white
Date: 2007-09-12 14:17:13 +0000 (Wed, 12 Sep 2007)
New Revision: 6597

Added:
   data/DTSA/advs/58-phpgroupware.adv
Log:
Add .adv file for DTSA-58-1

Added: data/DTSA/advs/58-phpgroupware.adv
==================================================================---
data/DTSA/advs/58-phpgroupware.adv	                        (rev 0)
+++ data/DTSA/advs/58-phpgroupware.adv	2007-09-12 14:17:13 UTC (rev 6597)
@@ -0,0 +1,20 @@
+source: phpgroupware
+date: September 13th, 2007
+author: Steffen Joeris
+vuln-type: cross scripting vulnerability
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-4048
+vendor-advisory:
+testing-fix: 0.9.16.011-3lenny2
+sid-fix: 2.5.1-6.1
+upgrade: apttitude upgrade
+
+It was discovered that there is a cross-site scripting vulnerability
+that allows remote attackers to inject arbitrary web script or HTML.
+
+CVE-2007-4048
+
+Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 
+2.5.4-dev and earlier allows remote attackers to inject arbitrary web 
+script or HTML via the PATH_INFO.

Secure testing commits - Sep 2007 - r6597 - data/DTSA/advs

[Secure-testing-commits] r6597 - data/DTSA/advs