Date: Thu, 19 Mar 2009 05:38:01 GMT From: Mark Foster <mark@foster.cc> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/132800: vuxml submission for net-im/ejabberd Message-ID: <200903190538.n2J5c1PV012551@www.freebsd.org> Resent-Message-ID: <200903190540.n2J5e2in003817@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 132800 >Category: ports >Synopsis: vuxml submission for net-im/ejabberd >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Mar 19 05:40:01 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Mark Foster >Release: 7.1 RELEASE >Organization: Credentia >Environment: >Description: >How-To-Repeat: >Fix: <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; <vuln vid="3af16c5f-306c-4df6-875c-3ffbb59af8a8"> <topic>ejabberd -- ejabberd MUC Logs Cross Site Scripting Vulnerability</topic> <affects> <package> <name>ejabberd</name> <range><lt>2.0.4</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml">; <p>SecurityFocus reports:</p> <blockquote cite="http://www.securityfocus.com/bid/34133">; <p>The ejabberd application is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.</p> </blockquote> </body> </description> <references> <bid>34133</bid> <cvename>CVE-2009-0934</cvename> <url>http://www.securityfocus.com/bid/34133</url>; </references> <dates> <discovery>2009-03-16</discovery> <entry>2009-03-18</entry> </dates> </vuln> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903190538.n2J5c1PV012551>