GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001.
References
Link | Resource |
---|---|
https://github.com/gosa-project/gosa-core/issues/14 | Third Party Advisory |
https://github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001 | Patch Third Party Advisory |
https://www.debian.org/security/2018/dsa-4239 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00028.html | Mailing List Third Party Advisory |
Information
Published : 2018-06-26 09:29
Updated : 2018-08-30 09:06
NVD link : CVE-2018-1000528
Mitre link : CVE-2018-1000528
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
debian
- debian_linux
gonicus
- gosa