git: 6580c2aea5d0 - main - security/vuxml: Document TinyMCE vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Jan 2024 14:42:39 UTC
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=6580c2aea5d02c593bb97356fff913bebd7db1e6 commit 6580c2aea5d02c593bb97356fff913bebd7db1e6 Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2024-01-23 14:42:22 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2024-01-23 14:42:22 +0000 security/vuxml: Document TinyMCE vulnerability * Note that www/tinymce is not affected * Document supply-chain vuln in Roundcube --- security/vuxml/vuln/2024.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index e3c11b39176a..4cb15696c65e 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,36 @@ + <vuln vid="9532a361-b84d-11ee-b0d7-84a93843eb75"> + <topic>TinyMCE -- mXSS in multiple plugins</topic> + <affects> + <package> + <name>tinymce</name> + <range><lt>6.7.3</lt></range> + </package> + <package> + <name>roundcube</name> + <range><lt>1.6.6,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>TinyMCE reports:</p> + <blockquote cite="https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8"> + <p>Special characters in unescaped text nodes can trigger mXSS + when using TinyMCE undo/redo, getContentAPI, resetContentAPI, + and Autosave plugin</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2023-48219</cvename> + <url>https://github.com/tinymce/tinymce/security/advisories/GHSA-v626-r774-j7f8</url> + <url>https://github.com/roundcube/roundcubemail/releases/tag/1.6.6</url> + </references> + <dates> + <discovery>2023-11-15</discovery> + <entry>2024-01-23</entry> + </dates> + </vuln> + <vuln vid="fedf7e71-61bd-49ec-aaf0-6da14bdbb319"> <topic>zeek -- potential DoS vulnerability</topic> <affects>