From db6a0aa5842fa222cfd08ebfe42e93eb6e26cdcd Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Sat, 15 Jun 2013 15:36:04 +0200
Subject: [PATCH] Fix #189 VideoJS XSS in Themes

---
 data/theme_vulns.xml | 53 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)

diff --git a/data/theme_vulns.xml b/data/theme_vulns.xml
index a5e22e7d..2198250e 100644
--- a/data/theme_vulns.xml
+++ b/data/theme_vulns.xml
@@ -3,6 +3,59 @@
 <vulnerabilities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:noNamespaceSchemaLocation="vuln.xsd">
 
+  <theme name="crius">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53427/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/77</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+  
+  <theme name="source">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53457/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/77</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+  
+  <theme name="i-love-it">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53548/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/77</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+  
+  <theme name="smartstart">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53460/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/77</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+  
+  <theme name="covertvideopress">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/53494/</reference>
+      <reference>http://seclists.org/fulldisclosure/2013/May/77</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+  
+  <theme name="photolio">
+    <vulnerability>
+      <title>VideoJS Cross-Site Scripting Vulnerability</title>
+      <reference>http://seclists.org/fulldisclosure/2013/May/77</reference>
+      <type>XSS</type>
+    </vulnerability>
+  </theme>
+  
   <theme name="onepagewebsite">
     <vulnerability>
       <title>onepagewebsite Full Path Disclosure vulnerability</title>