6 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-1000528
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting XSS vulnerability in change password form...
Ubuntu: Security Advisory (USN-4609-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4609-1: GOsa vulnerabilities
Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. CVE-2019-14466 It was discovered that GOsa incorrectly handled user access...
Debian DSA-4239-1 : gosa - security update
Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4239. The text itse...
[SECURITY] [DSA 4239-1] gosa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4239-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 03, 2018 https://www.debian.org/security/faq -...
CVE-2018-1000528
CVE-2018-1000528 affects GONICUS GOsa prior to commit 56070d6289d47ba3f5918885954dcceb75606001. The XSS flaw is in the change password form (html/password.php, #308), allowing injection of arbitrary script/HTML when a user views a specially crafted page. Attack requires victim interaction (openin...