Описание
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apt-cacher-ng | fixed | 3.7.5-1 | package | |
| apt-cacher-ng | no-dsa | bookworm | package | |
| apt-cacher-ng | postponed | bullseye | package |
Примечания
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-apt-cacher-ng
https://salsa.debian.org/blade/apt-cacher-ng/-/commit/b03d9a3ab326aad2538f42d2831b3114b830912b (upstream/3.7.5)
EPSS
Связанные уязвимости
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
Reflected Cross-site scripting (XSS) in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts (XSS) in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”.
EPSS