author | Florian Smeets <flo@FreeBSD.org> | 2022-02-27 16:43:37 +0000 |
---|---|---|
committer | Florian Smeets <flo@FreeBSD.org> | 2022-02-27 16:43:37 +0000 |
commit | 6bc3ad4d7cdbfa9a92cacf04e12d6ade466e1900 | |
tree | a69fb7285a4b3523ed1b88df69340d2616b0028b | |
parent | 690a30e50607de8c4d2e2728f7ea4b5692d17426 | |
security/vuxml: Document TYPO3 vulnerabilities
PR: 262196, 262197
-rw-r--r-- | security/vuxml/vuln-2022.xml | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index ee851c6b3bc8..bab1342e8038 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,40 @@ + <vuln vid="0eab001a-9708-11ec-96c9-589cfc0f81b0"> + <topic>typo3 -- XSS vulnerability in svg-sanitize</topic> + <affects> + <package> + <name>typo3-10-php74</name> + <range><lt>10.4.25</lt></range> + </package> + <package> + <name>typo3-11-php74</name> + <name>typo3-11-php80</name> + <name>typo3-11-php81</name> + <range><lt>11.5.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The TYPO3 project reports:</p> + <blockquote cite="https://typo3.org/article/typo3-psa-2022-001"> + <p>The SVG sanitizer library enshrined/svg-sanitize before version + 0.15.0 did not remove HTML elements wrapped in a CDATA section. + As a result, SVG content embedded in HTML (fetched as text/html) + was susceptible to cross-site scripting. Plain SVG files + (fetched as image/svg+xml) were not affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-23638</cvename> + <url>https://github.com/typo3/typo3/commit/9940defb21</url> + <url>https://typo3.org/article/typo3-psa-2022-001</url> + </references> + <dates> + <discovery>2022-02-22</discovery> + <entry>2022-02-27</entry> + </dates> + </vuln> + <vuln vid="d71d154a-8b83-11ec-b369-6c3be5272acd"> <topic>Grafana -- Teams API IDOR</topic> <affects> |
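Review bot: The first `<package>` block in `<affects>` names only `typo3-10-php74`, while the 11.x block lists the php74, php80 and php81 flavors. Please confirm that no other typo3-10 flavor is built from the tree. If one is, add its `<name>` so the `<range><lt>10.4.25</lt></range>` match covers it, since an unlisted flavor would never be flagged against this entry. Separately, the commit message cites two PRs (262196, 262197) and speaks of "vulnerabilities", but the hunk adds a single `<vuln>` with one `<cvename>`. If both PRs are the same svg-sanitize issue reported once per branch, that is fine; otherwise a second entry is missing. Finally, the description says the flaw is in enshrined/svg-sanitize before 0.15.0, yet `<affects>` covers only the TYPO3 packages. If that library is also packaged on its own in ports, it would need a `<package>` with `<lt>0.15.0</lt>`.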