|
|
Subscribe / Log in / New account

backuppc: cross-site scripting

Package(s):backuppc CVE #(s):CVE-2011-5081
Created:May 18, 2012 Updated:January 7, 2013
Description:

From the Ubuntu advisory:

It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Alerts:
Mandriva MDVSA-2013:062 backuppc 2013-04-08
Fedora FEDORA-2012-20968 BackupPC 2013-01-05
Mageia MGASA-2012-0165 backuppc 2012-07-14
Mageia MGASA-2012-0139 backuppc 2012-07-09
Ubuntu USN-1444-1 backuppc 2012-05-17
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds