[Secure-testing-commits] r7853 - data/CVE
thijs at alioth.debian.org
Mon Jan 7 21:06:28 UTC 2008
Author: thijs
Date: 2008-01-07 21:06:28 +0000 (Mon, 07 Jan 2008)
New Revision: 7853
Modified:
data/CVE/list
Log:
phpsysinfo does not have any cookie based authentication from itself,
hence an XSS cannot do as much harm as it can when psi is embedded in an
application that does such a thing.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-07 20:21:38 UTC (rev 7852)
+++ data/CVE/list 2008-01-07 21:06:28 UTC (rev 7853)
@@ -7291,6 +7291,8 @@
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
{DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (low; bug #435935)
+ [etch] - phpsysinfo <no-dsa> (Minor issue, does not have valuable cookies)
+ [sarge] - phpsysinfo <no-dsa> (Minor issue, does not have valuable cookies)
- phpgroupware 0.9.16.012-1 (low; bug #435936)
- egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
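Review bot: The two added <no-dsa> lines sit under phpsysinfo only, while the phpgroupware and egroupware-phpsysinfo lines that follow in the same CVE-2007-4048 entry get no [etch] or [sarge] annotation, and by the log message those are the embedding applications where this XSS can do more harm. Consider recording their stable status explicitly so the entry does not read as if the whole CVE is minor in etch and sarge. The reason text "does not have valuable cookies" could also be worded to match the log ("no cookie-based authentication of its own"), since cookie theft is only one consequence of XSS and the note should say which impact was ruled out.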