[Debian-med-packaging] Bug#742859: XSS vulnerability in open-flash-chart.swf (CVE-2013-1636)

Thijs Kinkhorst thijs at debian.org
Fri Mar 28 07:16:51 UTC 2014


Package: biomaj-watcher
Severity: important
Tags: security

Hi,
the following vulnerability was published for biomaj-watcher.

CVE-2013-1636[0]:
| Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in
| Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link
| Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component
| 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through
| 4.3.3, allows remote attackers to inject arbitrary web script or HTML
| via the get-data parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1636
    https://security-tracker.debian.org/tracker/CVE-2013-1636

Please adjust the affected versions in the BTS as needed.

Cheers,
Thijs