2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
Multiple cross-site scripting (XSS) vulnerabilities have been discovered
in extplorer, a web file explorer and manager using Ext JS.
A remote attacker can inject arbitrary web script or HTML code via a
crafted string in the URL to application.js.php, admin.php, copy_move.php,
functions.php, header.php and upload.php.
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.0b6+dfsg.2-1+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in
version 2.1.0b6+dfsg.3-4+deb7u1.
For the unstable distribution (sid), this problem will be fixed soon.
We recommend that you upgrade your extplorer packages.
CPE | Name | Operator | Version |
---|---|---|---|
extplorer | eq | 2.1.0b6+dfsg.3-4 |