Lucene search

GoogleOSV:DSA-2882-1

HistoryMar 20, 2014 - 12:00 a.m.

extplorer - security update

2014-03-2000:00:00

Google

osv.dev

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

JSON

Multiple cross-site scripting (XSS) vulnerabilities have been discovered
in extplorer, a web file explorer and manager using Ext JS.
A remote attacker can inject arbitrary web script or HTML code via a
crafted string in the URL to application.js.php, admin.php, copy_move.php,
functions.php, header.php and upload.php.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.0b6+dfsg.2-1+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 2.1.0b6+dfsg.3-4+deb7u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your extplorer packages.

CPENameOperatorVersion
extplorereq2.1.0b6+dfsg.3-4

CPE	Name	Operator	Version
	extplorer	eq	2.1.0b6+dfsg.3-4

References

www.debian.org/security/2014/dsa-2882

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

JSON

Related for OSV:DSA-2882-1