diff options
| author | Jason Unovitch <junovitch@FreeBSD.org> | 2015-10-05 03:09:24 +0000 |
|---|---|---|
| committer | Jason Unovitch <junovitch@FreeBSD.org> | 2015-10-05 03:09:24 +0000 |
| commit | e8566ce03806b12785e40970e0eace5e6b5b1b02 (patch) | |
| tree | f6a554bfc855d706eab5d1f4da207c9d62089a64 | |
| parent | Update to 5.7.2 (diff) | |
Document 20150910 Plone advisories
PR: 203255
Security: 6b3374d4-6b0b-11e5-9909-002590263bf5
Notes
Notes:
svn path=/head/; revision=398628
| -rw-r--r-- | security/vuxml/vuln.xml | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index fe1d3116e9fc..bc45a6bf8c9a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,48 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b3374d4-6b0b-11e5-9909-002590263bf5"> + <topic>plone -- multiple vulnerabilities</topic> + <affects> + <package> + <name>plone</name> + <range><lt>4.3.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Plone.org reports:</p> + <blockquote cite="https://plone.org/products/plone/security/advisories/20150910-announcement"> + <p>Versions Affected: All current Plone versions.</p> + <p>Versions Not Affected: None.</p> + <p>Nature of vulnerability: Allows creation of members by anonymous + users on sites that have self-registration enabled, allowing bypass + of CAPTCHA and similar protections against scripted attacks.</p> + <p>The patch can be added to buildouts as Products.PloneHotfix20150910 + (available from PyPI) or downloaded from Plone.org.</p> + <p>Immediate Measures You Should Take: Disable self-registration until + you have applied the patch.</p> + </blockquote> + <blockquote cite="https://plone.org/security/20150910/non-persistent-xss-in-plone"> + <p>Plone's URL checking infrastructure includes a method for checking + if URLs valid and located in the Plone site. By passing HTML into + this specially crafted url, XSS can be achieved.</p> + </blockquote> + </body> + </description> + <references> + <freebsdpr>ports/203255</freebsdpr> + <url>https://plone.org/products/plone-hotfix/releases/20150910</url> + <url>https://plone.org/products/plone/security/advisories/20150910-announcement</url> + <url>https://plone.org/security/20150910/non-persistent-xss-in-plone</url> + <url>https://github.com/plone/Products.CMFPlone/commit/3da710a2cd68587f0bf34f2e7ea1167d6eeee087</url> + </references> + <dates> + <discovery>2015-09-10</discovery> + <entry>2015-10-05</entry> + </dates> + </vuln> + <vuln vid="c1da8b75-6aef-11e5-9909-002590263bf5"> <topic>php -- multiple vulnerabilities</topic> <affects> |