Опубликовано: 17 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 5.1
CVSS3: 5.4
Описание
Ajenti Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Ajenti before 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-2260
- https://github.com/Eugeny/ajenti/issues/233
- https://github.com/ajenti/ajenti/issues/233
- https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310
- https://github.com/ajenti/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310
- https://github.com/pypa/advisory-database/tree/main/vulns/ajenti/PYSEC-2014-98.yaml
- https://web.archive.org/web/20200229062920/http://www.securityfocus.com/bid/64982
- http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html
Пакеты
Наименование
ajenti
pip
Затронутые версииВерсия исправления
< 1.2.15
1.2.15
Связанные уязвимости
nvd
почти 12 лет назад
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.
debian
почти 12 лет назад
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/aj ...