CVE-2018-1000528

🗓️ 26 Jun 2018 16:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 71 Views🌐 WEB

GONICUS GOsa XSS vuln in change password for

Reporter	Title	Published	Views	Family All 22
CNVD	GONICUS Gosa Cross-Site Scripting Vulnerability	9 Jul 201800:00	–	cnvd
Cvelist	CVE-2018-1000528	26 Jun 201816:00	–	cvelist
Debian	[SECURITY] [DLA 1436-1] gosa security update	20 Jul 201822:07	–	debian
Debian	[SECURITY] [DSA 4239-1] gosa security update	3 Jul 201821:05	–	debian
Debian CVE	CVE-2018-1000528	26 Jun 201816:00	–	debiancve
Tenable Nessus	Debian DLA-1436-1 : gosa security update	23 Jul 201800:00	–	nessus
Tenable Nessus	Debian DSA-4239-1 : gosa - security update	5 Jul 201800:00	–	nessus
Tenable Nessus	Ubuntu 16.04 LTS : GOsa vulnerabilities (USN-4609-1)	29 Oct 202000:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2018-1000528	25 Aug 202500:00	–	nessus
EUVD	EUVD-2018-1921	7 Oct 202500:30	–	euvd

NVD

Node

debian debian_linuxMatch8.0

OR

debian debian_linuxMatch9.0

Node

gonicus gosaMatch-

Source	Link
github	www.github.com/gosa-project/gosa-core/commit/56070d6289d47ba3f5918885954dcceb75606001
github	www.github.com/gosa-project/gosa-core/issues/14
debian	www.debian.org/security/2018/dsa-4239
lists	www.lists.debian.org/debian-lts-announce/2018/07/msg00028.html

Parameter	Position	Path	Description	CWE
password	request body	html/password.php	Cross-site scripting vulnerability in the change password form that can inject arbitrary scripts via user input.	CWE-79
new_password	request body	html/password.php	Cross-site scripting vulnerability in the change password form that can inject arbitrary scripts via user input.	CWE-79
confirm_password	request body	html/password.php	Cross-site scripting vulnerability in the change password form that can inject arbitrary scripts via user input.	CWE-79

21 Nov 2024 03:40Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3

CVSS 36.1

EPSS0.00485

cve-2018-1000528 gonicus gosa cross site scripting xss html injection nvd vulnerability security