[Secure-testing-commits] r6597 - data/DTSA/advs
white at alioth.debian.org
white at alioth.debian.org
Wed Sep 12 14:17:13 UTC 2007
Author: white
Date: 2007-09-12 14:17:13 +0000 (Wed, 12 Sep 2007)
New Revision: 6597
Added:
data/DTSA/advs/58-phpgroupware.adv
Log:
Add .adv file for DTSA-58-1
Added: data/DTSA/advs/58-phpgroupware.adv
===================================================================
--- data/DTSA/advs/58-phpgroupware.adv (rev 0)
+++ data/DTSA/advs/58-phpgroupware.adv 2007-09-12 14:17:13 UTC (rev 6597)
@@ -0,0 +1,20 @@
+source: phpgroupware
+date: September 13th, 2007
+author: Steffen Joeris
+vuln-type: cross scripting vulnerability
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-4048
+vendor-advisory:
+testing-fix: 0.9.16.011-3lenny2
+sid-fix: 2.5.1-6.1
+upgrade: apttitude upgrade
+
+It was discovered that there is a cross-site scripting vulnerability
+that allows remote attackers to inject arbitrary web script or HTML.
+
+CVE-2007-4048
+
+Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo
+2.5.4-dev and earlier allows remote attackers to inject arbitrary web
+script or HTML via the PATH_INFO.
More information about the Secure-testing-commits
mailing list