CVE-2014-9760

Опубликовано: 13 фев. 2017

Источник: debian

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gosa	fixed	2.7.4+reloaded1-5		package
gosa	fixed	2.7.4-4.3~deb7u2	wheezy	package
gosa	fixed	2.6.11-3+squeeze4	squeeze	package

Примечания

Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5
https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732

EPSS

Процентиль: 61%

0.00413

Низкий

Связанные уязвимости

CVE-2014-9760

CVSS3: 6.1

ubuntu

почти 9 лет назад

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.

CVE-2014-9760

CVSS3: 6.1

nvd

почти 9 лет назад

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.

GHSA-6wxq-vf75-xrch

CVSS3: 6.1

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.

EPSS

Процентиль: 61%

0.00413

Низкий