Back to search
CVE-2018-1000528
Published: Jun 26, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-4239
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20180720 [SECURITY] [DLA 1436-1] gosa security update
mailing-list
x_refsource_MLIST
https://github.com/gosa-project/gosa-core/issues/14
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now