Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=5ded4e061cc69bdb963aafc0932bc3339cad8895
commit 5ded4e061cc69bdb963aafc0932bc3339cad8895 Author: voroskoi <[EMAIL PROTECTED]> Date: Wed Jan 23 22:48:21 2008 +0100 FSA365-joomla diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 884ea93..2063830 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -27,6 +27,19 @@ <fsas> <fsa> + <id>365</id> + <date>2008-01-23</date> + <author>voroskoi</author> + <package>joomla</package> + <vulnerable>1.0.13-1</vulnerable> + <unaffected>1.0.13-2sayshell1</unaffected> + <bts>http://bugs.frugalware.org/task/2487</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5427</cve> + <desc>MustLive has discovered a vulnerability in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. + Input passed to the "searchword" parameter in index.php (when "option" is set to "com_search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. + Successful exploitation requires that the victim changes the number of search results in a drop-down box, after having clicked on the malicious link.</desc> + </fsa> + <fsa> <id>364</id> <date>2008-01-23</date> <author>voroskoi</author> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
