diff options
| author | Bernard Spil <brnrd@FreeBSD.org> | 2024-05-21 09:14:46 +0000 |
|---|---|---|
| committer | Bernard Spil <brnrd@FreeBSD.org> | 2024-05-21 09:14:46 +0000 |
| commit | 399890025b720aeb22a3694f1ac814f28d07a008 (patch) | |
| tree | 73def8d4dc2bf28be54d0e151608db73aa9fb864 | |
| parent | 1f80c1e07e41980a9d498b3b834a5684ebd1b047 (diff) | |
| download | ports-399890025b720aeb22a3694f1ac814f28d07a008.tar.gz ports-399890025b720aeb22a3694f1ac814f28d07a008.zip | |
security/vuxml: Document Roundcube XSS
| -rw-r--r-- | security/vuxml/vuln/2024.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index de6628e8d9e9..a3c894d13d87 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,31 @@ + <vuln vid="e020b0fd-1751-11ef-a490-84a93843eb75"> + <topic>Roundcube -- Cross-site scripting vulnerabilities</topic> + <affects> + <package> + <name>roundcube</name> + <range><lt>1.6.7,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Roundcube project reports:</p> + <blockquote cite="https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7"> + <p>cross-site scripting (XSS) vulnerability in handling SVG + animate attributes.</p> + <p>cross-site scripting (XSS) vulnerability in handling list + columns from user preferences.</p> + </blockquote> + </body> + </description> + <references> + <url>https://roundcube.net/news/2024/05/19/security-updates-1.6.7-and-1.5.7</url> + </references> + <dates> + <discovery>2024-05-19</discovery> + <entry>2024-05-21</entry> + </dates> + </vuln> + <vuln vid="d58455cc-159e-11ef-83d8-4ccc6adda413"> <topic>qt5-webengine -- Multiple vulnerabilities</topic> <affects> |