CVSS2: 4.3 Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

It was discovered that ejabberd, a distributed, fault-tolerant
Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing
remote attackers to perform cross-site scripting (XSS) attacks.

The oldstable distribution (etch) is not affected by this issue.

For the stable distribution (lenny), this problem has been fixed in
version 2.0.1-6+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.5-1.

We recommend that you upgrade your ejabberd packages.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | ejabberd | eq | 2.0.1-6~bpo40+1 |
| | ejabberd | eq | 2.0.1-6+lenny1~bpo40+1 |
| | ejabberd | eq | 2.0.1-6 |
| | ejabberd | eq | 2.0.1-5 |