FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pyblosxom -- atom flavor multiple XML injection vulnerabilities

Affected packages
pyblosxom < 1.5.r3


VuXML ID b07f3254-f83a-11dd-85a4-ea653f0746ab
Discovery 2009-02-09
Entry 2009-02-11

Security Focus reports:

PyBlosxom is prone to multiple XML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied XML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.


Bugtraq ID 33676