Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2414-1
HistoryFeb 25, 2012 - 12:00 a.m.

fex - cross-site scripting

2012-02-2500:00:00
Google
osv.dev
4

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Nicola Fioravanti discovered that F*X, a web service for transferring
very large files, is not properly sanitizing input parameters of the fup
script. An attacker can use this flaw to conduct reflected cross-site
scripting attacks via various script parameters.

For the stable distribution (squeeze), this problem has been fixed in
version 20100208+debian1-1+squeeze3.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed
in version 20120215-1.

We recommend that you upgrade your fex packages.

Related

debian 3
openvas 5
prion 2
debiancve 2
ubuntucve 2
cve 2
securityvulns 2
nessus 1
debian
debian
[BSA-062] Security Update for fex
2012-02-26 15:00:26
[SECURITY] [DSA 2414-1] fex security update
2012-02-21 22:54:21
[SECURITY] [DSA 2414-2] fex regression
2012-02-25 16:10:31
openvas
openvas
F*EX (Frams's Fast File EXchange) < 20111129-2 Multiple XSS Vulnerabilities - Active Check
2012-09-27 00:00:00
Debian: Security Advisory (DSA-2414-1)
2012-03-12 00:00:00
Debian Security Advisory DSA 2414-1 (fex)
2012-03-12 00:00:00
prion
prion
Cross site scripting
2012-09-25 23:55:00
Cross site scripting
2012-09-25 23:55:00
debiancve
debiancve
CVE-2012-1293
2012-09-25 23:55:00
CVE-2012-0869
2012-09-25 23:55:00
ubuntucve
ubuntucve
CVE-2012-0869
2012-09-25 00:00:00
CVE-2012-1293
2012-09-25 00:00:00
cve
cve
CVE-2012-0869
2012-09-25 23:55:00
CVE-2012-1293
2012-09-25 23:55:00
securityvulns
securityvulns
[SECURITY] [DSA 2414-1] fex security update
2012-03-19 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2012-03-19 00:00:00
nessus
nessus
Debian DSA-2414-2 : fex - insufficient input sanitization
2012-02-22 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for OSV:DSA-2414-1
debian3openvas5prion2debiancve2ubuntucve2cve2securityvulns2nessus1