FreeBSD : Bugzilla security issues (54075861-a95a-11e5-8b40-20cf30e32f6d)
Medium Nessus Plugin ID 87612
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionBugzilla Security Advisory
During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used.
With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack.
SolutionUpdate the affected packages.