CVE-2018-1000528

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML. This attack appear to be exploitable via the victim must open a specially crafted web page. This vulnerability appears to have been fixed in after commit 56070d6289d47ba3f5918885954dcceb75606001.

References

Affected packages

Debian:11 / gosa

Package

Name: gosa
Purl: pkg:deb/debian/gosa?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.4+reloaded3-5

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / gosa

Package

Name: gosa
Purl: pkg:deb/debian/gosa?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.4+reloaded3-5

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / gosa

Package

Name: gosa
Purl: pkg:deb/debian/gosa?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.4+reloaded3-5

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/gosa-project/gosa-core

Affected ranges

Type: GIT
Repo: https://github.com/gosa-project/gosa-core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

56070d6289d47ba3f5918885954dcceb75606001

Fixed

56070d6289d47ba3f5918885954dcceb75606001

Affected versions

2.*

2.7.5

2.7.5.1

2.7.5.2