Summary: | <app-admin/usermin-1.600: Popup Windows Cross-Site Scripting Vulnerabilities (CVE-2014-{3883,3884}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | tomwij |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/58917/ | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-05-27 15:32:59 UTC
+ 28 May 2014; Tom Wijsman <TomWij@gentoo.org> +usermin-1.600.ebuild, + -usermin-1.430.ebuild, -usermin-1.530.ebuild, -usermin-1.540-r1.ebuild, + -usermin-1.540.ebuild, -usermin-1.570.ebuild, -usermin-1.590.ebuild: + Version bump to 1.600, remove old; fixes security bug #511626. Closing as noglsa. CVE-2014-3884 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3884): Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. CVE-2014-3883 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3883): Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. |