Date: Fri, 25 Jan 2013 02:08:57 +0000 (UTC) From: Wesley Shields <wxs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310957 - head/security/vuxml Message-ID: <201301250208.r0P28vrj075328@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: wxs Date: Fri Jan 25 02:08:56 2013 New Revision: 310957 URL: http://svnweb.freebsd.org/changeset/ports/310957 Log: Fix whitespace in previous commit. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 25 01:26:37 2013 (r310956) +++ head/security/vuxml/vuln.xml Fri Jan 25 02:08:56 2013 (r310957) @@ -63,12 +63,12 @@ Note: Please add new entries to the beg <body xmlns="http://www.w3.org/1999/xhtml">; <p>Cross-site scripting (XSS) vulnerability</p> <blockquote cite="https://www.django-cms.org/en/blog/2012/12/04/2-3-5-security-release/">; - <p>Jonas Obrist reports: The security issue -allows users with limited admin access to elevate their privileges through XSS -injection using the page_attribute template tag. Only users with admin access -and the permission to edit at least one django CMS page object could exploit -this vulnerability. Websites that do not use the page_attribute template tag are -not affected.</p> + <p>Jonas Obrist reports: The security issue allows users with limited + admin access to elevate their privileges through XSS injection + using the page_attribute template tag. Only users with admin access + and the permission to edit at least one django CMS page object + could exploit this vulnerability. Websites that do not use the + page_attribute template tag are not affected.</p> </blockquote> </body> </description>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301250208.r0P28vrj075328>