Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1774-1
HistoryApr 17, 2009 - 12:00 a.m.

ejabberd - cross-site scripting

2009-04-1700:00:00
Google
osv.dev
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

It was discovered that ejabberd, a distributed, fault-tolerant
Jabber/XMPP server, does not sufficiently sanitise MUC logs, allowing
remote attackers to perform cross-site scripting (XSS) attacks.

The oldstable distribution (etch) is not affected by this issue.

For the stable distribution (lenny), this problem has been fixed in
version 2.0.1-6+lenny1.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.0.5-1.

We recommend that you upgrade your ejabberd packages.

Related

nessus 4
openvas 8
cve 1
fedora 2
debian 3
cvelist 1
prion 1
securityvulns 2
ubuntucve 1
freebsd 1
debiancve 1
nessus
nessus
Debian DSA-1774-1 : ejabberd - insufficient input sanitising
2009-04-17 00:00:00
Fedora 9 : ejabberd-2.0.4-1.fc9 (2009-2747)
2009-03-19 00:00:00
Fedora 10 : ejabberd-2.0.4-1.fc10 (2009-2746)
2009-04-23 00:00:00
openvas
openvas
Fedora Core 9 FEDORA-2009-2747 (ejabberd)
2009-03-20 00:00:00
Debian Security Advisory DSA 1774-1 (ejabberd)
2009-04-20 00:00:00
FreeBSD Ports: ejabberd
2009-04-20 00:00:00
cve
cve
CVE-2009-0934
2009-03-18 02:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: ejabberd-2.0.4-1.fc9
2009-03-18 19:02:21
[SECURITY] Fedora 10 Update: ejabberd-2.0.4-1.fc10
2009-03-18 19:17:50
debian
debian
[Backports-security-announce] Security Update for ejabberd
2009-04-20 14:16:57
[SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting
2009-04-17 07:13:07
[Backports-security-announce] Security Update for ejabberd
2009-04-20 15:00:11
cvelist
cvelist
CVE-2009-0934
2009-03-18 01:00:00
prion
prion
Cross site scripting
2009-03-18 02:00:00
securityvulns
securityvulns
ejabberd crossite scripting
2009-04-18 00:00:00
[SECURITY] [DSA 1774-1] New ejabberd packages fix cross-site scripting
2009-04-18 00:00:00
ubuntucve
ubuntucve
CVE-2009-0934
2009-03-18 00:00:00
freebsd
freebsd
ejabberd -- cross-site scripting vulnerability
2009-03-16 00:00:00
debiancve
debiancve
CVE-2009-0934
2009-03-18 02:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for OSV:DSA-1774-1
nessus4openvas8cve1fedora2debian3cvelist1prion1securityvulns2ubuntucve1freebsd1debiancve1