CVE-2017-15092

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-15092
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15092.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-15092
Published
2018-01-23T15:29:00Z
Modified
2025-10-08T03:14:34.502787Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface, altering the content.

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type
GIT
Repo
https://github.com/powerdns/pdns
Events

Affected versions

auth-4.*

auth-4.0.0
auth-4.0.1

dnsdist-1.*

dnsdist-1.1.0-beta1

rec-4.*

rec-4.0.0
rec-4.0.1
rec-4.0.2
rec-4.0.3
rec-4.0.4
rec-4.0.5
rec-4.0.5-rc1
rec-4.0.5-rc2
rec-4.0.6