This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
A Bugzilla Security Advisory reports :
- Sometimes the information put into the <h1> and <h2> tags in
Bugzilla was not properly escaped, leading to a possible XSS
- Bugzilla administrators were allowed to put raw, unfiltered HTML
into many fields in Bugzilla, leading to a possible XSS vulnerability.
Now, the HTML allowed in those fields is limited.
- attachment.cgi could leak the names of private attachments
- The 'deadline' field was visible in the XML format of a bug, even to
users who were not a member of the 'timetrackinggroup.'
- A malicious user could pass a URL to an admin, and make the admin
delete or change something that he had not intended to delete or
- It is possible to inject arbitrary HTML into the
showdependencygraph.cgi page, allowing for a cross-site scripting
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: FreeBSD Local Security Checks
Nessus Plugin ID: 23664 (freebsd_pkg_6d68618a719911dba2ad000c6ec775d9.nasl)