
CVE-2018-1000528

Published: 26 June 2018

GONICUS GOsa versions before commit 56070d6289d47ba3f5918885954dcceb75606001 contain a cross-site scripting (XSS) vulnerability in the change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. The attack appears to be exploitable when the victim opens a specially crafted web page. The vulnerability appears to have been fixed after commit 56070d6289d47ba3f5918885954dcceb75606001.

Priority

Medium

CVSS 3 base score: 6.1

Status

| Package | Release | Status |
|---|---|---|
| gosa (Launchpad, Ubuntu, Debian) | artful | Ignored (reached end-of-life) |
| | bionic | Needed |
| | cosmic | Ignored (reached end-of-life) |
| | disco | Not vulnerable (2.7.4+reloaded3-5) |
| | eoan | Not vulnerable (2.7.4+reloaded3-5) |
| | focal | Not vulnerable (2.7.4+reloaded3-5) |
| | groovy | Not vulnerable (2.7.4+reloaded3-5) |
| | hirsute | Not vulnerable (2.7.4+reloaded3-5) |
| | impish | Not vulnerable (2.7.4+reloaded3-5) |
| | jammy | Not vulnerable (2.7.4+reloaded3-5) |
| | precise | Does not exist |
| | trusty | Does not exist (trusty was needs-triage) |
| | upstream | Released (2.7.4+reloaded3-5) |
| | xenial | Released (2.7.4+reloaded2-9ubuntu1.1) |