Cross Site Scripting Vulnerability in GONICUS GOsa Affecting Multiple Versions
CVE-2018-1000528

6.1MEDIUM

Key Information:

Vendor

Debian
Status
Debian Linux
Vendor
CVE Published:
26 June 2018

What is CVE-2018-1000528?

The GONICUS GOsa application prior to a specific commit contains a Cross Site Scripting (XSS) vulnerability in its password change form. This weakness permits attackers to inject arbitrary web scripts or HTML into the application, potentially compromising user data and sessions. Exploitation requires the victim to visit a specially crafted webpage, emphasizing the need for users to be cautious when accessing links. The issue was addressed in a subsequent update, repairing the security gap to safeguard users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.debian.org/security/2018/dsa-4239
vendor-advisoryx_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2018/07/msg0...
mailing-listx_refsource_MLIST
https://github.com/gosa-project/gosa-core/issues/14
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.