Cross site scripting

2015-02-0615:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5) status.cgi, (6) status_network.cgi, or (7) status_system.cgi script in admin/.

CPENameOperatorVersion
fli4leq4.0
fli4llt3.10.1

CPE	Name	Operator	Version
	fli4l	eq	4.0
	fli4l	lt	3.10.1

References

seclists.org/oss-sec/2015/q1/376

seclists.org/oss-sec/2015/q1/381

www.fli4l.de/fileadmin/fli4l/security/advisory-FFL-1113.txt

exchange.xforce.ibmcloud.com/vulnerabilities/100610